Last year wolfSSL fixed 8 vulnerabilities and documented them in the wolfSSL embedded SSL/TLS library release notes. Thanks to all of the researcher reports, and to the dedicated wolfSSL team, the fixes were identified and resolved rapidly. How rapidly you may ask? The average time to get a fix submitted for review on the vulnerabilities listed in 2020 was just over 26 hours.
Thanks to the researchers that submitted reports!
- Gerald Doussot from NCC group
- Lenny Wang of Tencent Security Xuanwu LAB
- Ida Bruhns from Universität zu Lübeck and Samira Briongos from NEC Laboratories Europe
- Alejandro Cabrera Aldaya, Cesar Pereida García and Billy Bob Brumley from the Network and Information Security Group (NISEC) at Tampere University
- Paul Fiterau of Uppsala University and Robert Merget of Ruhr-University Bochum
- Pietro Borrello at Sapienza University of Rome
If you have a vulnerability to report or would like more information, contact us at firstname.lastname@example.org, the wolfSSL development team takes vulnerabilities seriously.