Summary
| Detail | |||
|---|---|---|---|
| Vendor | Yassl | First view | 2013-02-08 |
| Product | Cyassl | Last view | 2014-04-22 |
| Version | 2.4.0 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:yassl:cyassl | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.8 | 2014-04-22 | CVE-2014-2900 | wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. |
| 5 | 2014-04-22 | CVE-2014-2899 | wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. |
| 4.3 | 2013-02-08 | CVE-2013-1623 | The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-310 | Cryptographic Issues |
| 33% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-01-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201612-53.nasl - Type: ACT_GATHER_INFO |
| 2013-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201308-06.nasl - Type: ACT_GATHER_INFO |
| 2013-04-26 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1807-2.nasl - Type: ACT_GATHER_INFO |
| 2013-04-25 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1807-1.nasl - Type: ACT_GATHER_INFO |
