Topic: wolfSSL and CyaSSL Users SAFE from Heartbleed Bug

A recently-discovered bug in OpenSSL’s implementation of the TLS Heartbeat Extension makes it possible for malicious attackers to potentially recover the private keys and sensitive data that should normally be secured by SSL/TLS. The vulnerability has been recorded as CVE-2014-0160.

We want to assure our users and customers that CyaSSL and wolfSSL products are NOT affected by the Heartbleed bug in any way.  This was a bug specific to OpenSSL’s implementation of the TLS Heartbeat Extension (RFC6520: https://tools.ietf.org/html/rfc6520).  This bug existed in OpenSSL for over two years, with vulnerable versions including OpenSSL 1.0.1 - 1.0.1f (inclusive).

Interested parties can learn more about this bug in OpenSSL at the following links:

http://heartbleed.com/
https://www.openssl.org/news/secadv_20140407.txt
https://cve.mitre.org/cgi-bin/cvename.c … -2014-0160

For additional information or questions about CyaSSL, please contact us at info@wolfssl.com.

Re: wolfSSL and CyaSSL Users SAFE from Heartbleed Bug

Yes, that's correct. The Heartbleed vulnerability (CVE-2014-0160) was a serious flaw found specifically in OpenSSL's implementation of the TLS Heartbeat Extension, allowing attackers to potentially access sensitive information such as private keys, passwords, and other protected data from affected servers.

However, users of wolfSSL and the former CyaSSL library were not impacted by this issue. Since the vulnerability was tied to OpenSSL's implementation, wolfSSL and CyaSSL remained secure and unaffected by the Heartbleed bug.

Share