Search CVE reports
31 – 40 of 36907 results
1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
[Unknown description]
1 affected package
qemu
| Package | 22.04 LTS |
|---|---|
| qemu | Needs evaluation |
In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced...
1 affected package
wolfssl
| Package | 22.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
13 affected packages
pypy3, python2.7, python3.4, python3.5, python3.6...
| Package | 22.04 LTS |
|---|---|
| pypy3 | Needs evaluation |
| python2.7 | Needs evaluation |
| python3.4 | Not in release |
| python3.5 | Not in release |
| python3.6 | Not in release |
| python3.7 | Not in release |
| python3.8 | Not in release |
| python3.9 | Not in release |
| python3.10 | Needs evaluation |
| python3.11 | Needs evaluation |
| python3.12 | Not in release |
| python3.13 | Not in release |
| python3.14 | Not in release |