Topic: wolfSSL unaffected by May 3rd, 2016 OpenSSL high severity security fix
OpenSSL released a security advisory on May 3rd 2016: https://www.openssl.org/news/secadv/20160503.txt. Some wolfSSL embedded SSL/TLS users are probably wondering if similar security fixes are needed in wolfSSL. The answer to that is no. Specifically, CVE-2016-2107 and CVE-2016-2108 are OpenSSL implementation bugs. Since wolfSSL and CyaSSL embedded SSL libraries have a completely different code base from OpenSSL we do not share these defects.
Please contact wolfSSL by email at firstname.lastname@example.org, or call us at 425 245 8247 if you have any security related questions.