FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 18:35:25 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3d1372e1-7822-4fd8-b56e-5ee832afbd96	wolfssl -- DDoS amplification in DTLS Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself. Discovery 2015-09-18 Entry 2016-01-05 wolfssl < 3.6.8 https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html https://github.com/IAIK/wolfSSL-DoS CVE-2015-6925
9b9a5f6e-1755-11ed-adef-589cfc01894a	wolfssl -- multiple issues wolfSSL blog reports: In release 5.4.0 there were 3 vulnerabilities listed as fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS 1.0/1.2 denial of service attack and the other a ciphertext attack on ECC/DH operations. The last vulnerability listed was a public disclosure of a previous attack on AMD devices fixed since wolfSSL version 5.1.0. Coordination of the disclosure of the attack was done responsibly, in cooperation with the researchers, waiting for the public release of the attack details since it affects multiple security libraries. Discovery 2022-07-11 Entry 2022-08-08 wolfssl < 5.4.0 CVE-2022-34293 CVE-2020-12966 CVE-2021-46744 https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033
331eabb3-85b1-466a-a2af-66ac864d395a	wolfssl -- leakage of private key information Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions. Discovery 2015-09-17 Entry 2016-01-05 wolfssl < 3.6.8 https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ CVE-2015-7744

VuXML ID

Description

3d1372e1-7822-4fd8-b56e-5ee832afbd96

wolfssl -- DDoS amplification in DTLS

Sebastian Ramacher identified an error in wolfSSL's implementation of the server side of the DTLS handshake, which could be abused for DDoS amplification or a DoS on the DTLS server itself.

Discovery 2015-09-18
Entry 2016-01-05
wolfssl

< 3.6.8

https://www.wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html
https://github.com/IAIK/wolfSSL-DoS
CVE-2015-6925

9b9a5f6e-1755-11ed-adef-589cfc01894a

wolfssl -- multiple issues

wolfSSL blog reports:

In release 5.4.0 there were 3 vulnerabilities listed as fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS 1.0/1.2 denial of service attack and the other a ciphertext attack on ECC/DH operations. The last vulnerability listed was a public disclosure of a previous attack on AMD devices fixed since wolfSSL version 5.1.0. Coordination of the disclosure of the attack was done responsibly, in cooperation with the researchers, waiting for the public release of the attack details since it affects multiple security libraries.

Discovery 2022-07-11
Entry 2022-08-08
wolfssl

< 5.4.0

CVE-2022-34293
CVE-2020-12966
CVE-2021-46744
https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033

331eabb3-85b1-466a-a2af-66ac864d395a

wolfssl -- leakage of private key information

Florian Weimer of Redhat discovered that an optimization in RSA signature validation can result in disclosure of the server's private key under certain fault conditions.

Discovery 2015-09-17
Entry 2016-01-05
wolfssl

< 3.6.8