Vendor coverage

yassl vulnerabilities

Track published CVEs, severity trends, and remediation context for yassl products.

RSS

Total vulnerabilities

Critical issues

Average CVSS score

6.6

Search results

Filtered vulnerability results

Showing 1-8 of 8 vulnerabilities.

Sort current page

CVE-2014-2900UnknownCVSS5.8Published Apr 22, 2014

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.

Affected vendor

yassl

Affected product

cyassl

Coverage

45 affected product entries

CVSS

5.8

UNKNOWN

Published

Apr 22, 2014

CVE-2014-2899UnknownCVSS5.0Published Apr 22, 2014

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.

Affected vendor

yassl

Affected product

cyassl

Coverage

45 affected product entries

CVSS

5.0

UNKNOWN

Published

Apr 22, 2014

CVE-2013-1623UnknownCVSS4.3Published Feb 8, 2013

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected vendor

yassl

Affected product

cyassl

Coverage

40 affected product entries

CVSS

4.3

UNKNOWN

Published

Feb 8, 2013

CVE-2012-1558UnknownCVSS5.0Published Mar 12, 2012

yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate.

Affected vendor

yassl

Affected product

cyassl

Coverage

35 affected product entries

CVSS

5.0

UNKNOWN

Published

Mar 12, 2012

CVE-2011-2900UnknownCVSS7.5Published Aug 5, 2011

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.

Affected vendor

shttpd

Affected product

shttpd

Coverage

3 affected product entries

CVSS

7.5

UNKNOWN

Published

Aug 5, 2011

CVE-2008-0227UnknownCVSS7.5Published Jan 10, 2008

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

Affected vendor

yassl

Affected product

yassl

Coverage

Single affected product entry

CVSS

7.5

UNKNOWN

Published

Jan 10, 2008

CVE-2008-0226UnknownCVSS7.5Published Jan 10, 2008

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Affected vendor

yassl

Affected product

yassl

Coverage

75 affected product entries

CVSS

7.5

UNKNOWN

Published

Jan 10, 2008

CVE-2005-3731UnknownCVSS10.0Published Nov 21, 2005

Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."

Affected vendor

yassl

Affected product

yassl

Coverage

19 affected product entries

CVSS

10.0

UNKNOWN

Published

Nov 21, 2005