Writeup Exploits

CVE-2021-24116 WRITEUP MEDIUM
wolfSSL <= 4.6.0 - Information Disclosure
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVSS 4.9
CVE-2020-36177 WRITEUP CRITICAL
wolfSSL < 4.6.0 - Out-of-Bounds Write
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
CVSS 9.8
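The CVE-2020-36177 entry above names the failure mode but not the constraint that was violated. The following added example is not wolfSSL's RsaPad_PSS; it is an illustrative C implementation of the RFC 8017 EMSA-PSS size check (emLen >= hLen + sLen + 2) that has to run before the encoder writes PS || 0x01 || salt, plus two worked cases. All function names, the 1024-bit/SHA-512 example and the constructed salt values are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; not wolfSSL's RsaPad_PSS. RFC 8017 section 9.1.1
 * lays the encoded message EM (emLen bytes) out as
 *     maskedDB || H || 0xBC,   DB = PS || 0x01 || salt
 * so |DB| = emLen - hLen - 1 and |PS| = emLen - sLen - hLen - 2.
 * When emLen < hLen + sLen + 2 that last subtraction wraps (size_t) and a
 * writer that trusts the computed offsets lands outside EM. The step-3
 * check must therefore run before any byte is written. */

/* emLen for a modulus of modBits bits is ceil((modBits - 1) / 8). */
size_t pss_em_len(size_t modBits)
{
    return modBits == 0 ? 0 : (modBits - 1 + 7) / 8;
}

/* RFC 8017 EMSA-PSS-ENCODE step 3: 1 when hash, salt, the 0x01 separator
 * and the 0xBC trailer all fit in EM, else 0. */
int pss_params_fit(size_t modBits, size_t hLen, size_t sLen)
{
    size_t emLen = pss_em_len(modBits);
    if (emLen == 0 || hLen == 0)
        return 0;
    /* Guard the sum itself so a huge sLen cannot wrap it back into range. */
    if (sLen > SIZE_MAX - 2 || hLen > SIZE_MAX - 2 - sLen)
        return 0;
    return emLen >= hLen + sLen + 2;
}

/* Build DB = PS || 0x01 || salt into db (capacity dbCap). Returns the
 * number of bytes written (emLen - hLen - 1), or 0 on any size violation.
 * Masking DB with MGF1 and appending H || 0xBC are left to the caller. */
size_t pss_build_db(uint8_t *db, size_t dbCap, size_t modBits,
                    size_t hLen, const uint8_t *salt, size_t sLen)
{
    if (db == NULL || (salt == NULL && sLen != 0))
        return 0;
    if (!pss_params_fit(modBits, hLen, sLen))
        return 0;                                /* the check the bug lacked */
    size_t emLen = pss_em_len(modBits);
    size_t dbLen = emLen - hLen - 1;             /* cannot underflow now */
    size_t psLen = emLen - sLen - hLen - 2;      /* cannot underflow now */
    if (dbLen > dbCap)
        return 0;
    memset(db, 0x00, psLen);
    db[psLen] = 0x01;
    if (sLen != 0)
        memcpy(db + psLen + 1, salt, sLen);
    return dbLen;
}

/* Worked case: a 1024-bit key with SHA-512 and a 64-byte salt needs
 * 64 + 64 + 2 = 130 bytes but EM is only 128, so the encoder must refuse. */
int pss_demo_1024_sha512_rejected(void)
{
    uint8_t db[256];
    uint8_t salt[64];
    memset(salt, 0xAB, sizeof salt);             /* constructed salt value */
    return pss_build_db(db, sizeof db, 1024, 64, salt, 64) == 0;
}

/* Worked case: 1024-bit key, SHA-256, 32-byte salt: |DB| = 95, |PS| = 62,
 * separator at db[62], salt at db[63..94]. */
int pss_demo_1024_sha256_layout(void)
{
    uint8_t db[256];
    uint8_t salt[32];
    memset(salt, 0xCD, sizeof salt);             /* constructed salt value */
    size_t n = pss_build_db(db, sizeof db, 1024, 32, salt, 32);
    return n == 95 && db[61] == 0x00 && db[62] == 0x01
        && db[63] == 0xCD && db[94] == 0xCD;
}
```

The point of separating pss_params_fit from the writer is that the refusal is decided on public parameters (modulus size, digest, salt length) before any pointer arithmetic happens, which is also where a fuzzer targeting key/digest combinations would expect the error to surface.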
CVE-2020-24585 WRITEUP MEDIUM
wolfSSL < 4.5.0 - Information Disclosure
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.
CVSS 5.3
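To make the CVE-2020-24585 check concrete: a DTLS record carries its epoch in the header, and epoch 0 is the unprotected epoch, so an application_data record there can only be plaintext injected by someone on the path. The following added example is not wolfSSL's record layer; it is an illustrative C parser for the 13-byte DTLS 1.2 record header (RFC 6347) with the epoch-0 application_data rejection applied on top. The function names, error codes and the sample datagrams are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; not wolfSSL's record layer. A DTLS 1.2 record header
 * (RFC 6347 section 4.1) is 13 bytes:
 *   type(1) version(2) epoch(2) sequence_number(6) length(2), then fragment.
 * Epoch 0 is the unprotected epoch used only by the initial handshake; an
 * application_data record there is plaintext the peer injected, so the
 * fix is to reject it rather than hand it to the application. */

#define DTLS_HDR_SZ 13
#define CT_CHANGE_CIPHER_SPEC 20
#define CT_ALERT              21
#define CT_HANDSHAKE          22
#define CT_APPLICATION_DATA   23

enum {
    REC_OK                =  0,
    REC_TRUNCATED         = -1,   /* fewer than 13 bytes */
    REC_BAD_VERSION       = -2,   /* not DTLS 1.0 (FE FF) or 1.2 (FE FD) */
    REC_BAD_LENGTH        = -3,   /* length field exceeds datagram */
    REC_BAD_TYPE          = -4,
    REC_PLAINTEXT_APPDATA = -5    /* application_data in epoch 0 */
};

typedef struct {
    uint8_t  type;
    uint16_t version;
    uint16_t epoch;
    uint64_t seq;          /* 48-bit sequence number */
    uint16_t length;
    const uint8_t *fragment;
} dtls_record;

/* Parses the header and validates version, type and length fields. */
int dtls_parse_record(const uint8_t *buf, size_t len, dtls_record *r)
{
    if (buf == NULL || r == NULL || len < DTLS_HDR_SZ)
        return REC_TRUNCATED;
    r->type    = buf[0];
    r->version = (uint16_t)(buf[1] << 8 | buf[2]);
    r->epoch   = (uint16_t)(buf[3] << 8 | buf[4]);
    r->seq     = 0;
    for (int i = 5; i < 11; i++)
        r->seq = (r->seq << 8) | buf[i];
    r->length   = (uint16_t)(buf[11] << 8 | buf[12]);
    r->fragment = buf + DTLS_HDR_SZ;
    if (r->version != 0xFEFD && r->version != 0xFEFF)
        return REC_BAD_VERSION;
    if (r->type < CT_CHANGE_CIPHER_SPEC || r->type > CT_APPLICATION_DATA)
        return REC_BAD_TYPE;
    if ((size_t)r->length > len - DTLS_HDR_SZ)
        return REC_BAD_LENGTH;
    return REC_OK;
}

/* Policy from the advisory: never deliver application_data from epoch 0. */
int dtls_accept_record(const uint8_t *buf, size_t len, dtls_record *r)
{
    int rc = dtls_parse_record(buf, len, r);
    if (rc != REC_OK)
        return rc;
    if (r->epoch == 0 && r->type == CT_APPLICATION_DATA)
        return REC_PLAINTEXT_APPDATA;
    return REC_OK;
}

/* Convenience wrapper returning only the verdict. */
int dtls_check(const uint8_t *buf, size_t len)
{
    dtls_record r;
    return dtls_accept_record(buf, len, &r);
}

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t REC_EPOCH0_HANDSHAKE[] = {
    0x16, 0xFE, 0xFD, 0x00, 0x00,               /* handshake, DTLS 1.2, epoch 0 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00,         /* seq 0 */
    0x00, 0x03, 0x01, 0x02, 0x03                /* length 3 + 3 fragment bytes */
};
static const uint8_t REC_EPOCH0_APPDATA[] = {
    0x17, 0xFE, 0xFD, 0x00, 0x00,               /* application_data in epoch 0 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x05, 'h', 'e', 'l', 'l', 'o'         /* plaintext "hello" */
};
static const uint8_t REC_EPOCH1_APPDATA[] = {
    0x17, 0xFE, 0xFD, 0x00, 0x01,               /* application_data in epoch 1 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x05, 0xDE, 0xAD, 0xBE, 0xEF, 0x42    /* stands in for ciphertext */
};
static const uint8_t REC_BAD_LENGTH_FIELD[] = {
    0x16, 0xFE, 0xFD, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x10, 0x01                            /* claims 16 bytes, carries 1 */
};
```

The epoch check is deliberately applied after the structural checks, so a truncated or mis-sized datagram is dropped for that reason first; what matters for the advisory is that an epoch-0 application_data record never reaches the "return to application" path regardless of how well formed it is.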
CVE-2020-15309 WRITEUP HIGH
wolfSSL < 4.5.0 - Information Disclosure
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).
CVSS 7.0
CVE-2020-12457 WRITEUP HIGH
wolfSSL < 4.5.0 - Denial of Service
An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.
CVSS 7.5
CVE-2020-11735 WRITEUP MEDIUM
wolfSSL < 4.4.0 - Information Disclosure
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
CVSS 5.3
CVE-2020-11713 WRITEUP HIGH
wolfSSL 4.3.0 - Information Disclosure
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
CVSS 7.5
CVE-2019-6439 WRITEUP CRITICAL
wolfSSL <= 3.15.7 - Heap-Based Buffer Overflow (benchmark tool)
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.
CVSS 9.8
CVE-2019-19963 WRITEUP MEDIUM
wolfSSL < 4.3.0 - Information Disclosure
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.
CVSS 5.3
CVE-2019-19962 WRITEUP HIGH
wolfSSL < 4.3.0 - RSA Fault Injection
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
CVSS 7.5
CVE-2019-19960 WRITEUP MEDIUM
wolfSSL < 4.3.0 - Information Disclosure
In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
CVSS 5.3
CVE-2019-18840 WRITEUP HIGH
wolfSSL 4.1.0 through 4.2.0c - Heap-Based Buffer Overflow
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.
CVSS 7.5
CVE-2019-16748 WRITEUP CRITICAL
wolfSSL <= 4.1.0 - Out-of-Bounds Read
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
CVSS 9.8
CVE-2019-15651 WRITEUP CRITICAL
wolfSSL 4.1.0 - Out-of-Bounds Read
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
CVSS 9.8
CVE-2018-16870 WRITEUP MEDIUM
wolfSSL < 3.15.7 - Information Disclosure
wolfSSL before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack that can be used to perform downgrade attacks against TLS. This may lead to leakage of sensitive data.
CVSS 5.9
CVE-2017-8855 WRITEUP HIGH
wolfSSL < 3.11.0 - Improper Validation of DH Key
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.
CVSS 7.5
CVE-2017-8854 WRITEUP HIGH
wolfSSL < 3.10.2 - Out-of-Bounds Memory Access
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
CVSS 7.8
CVE-2017-6076 WRITEUP MEDIUM
wolfSSL < 3.10.2 - Information Disclosure
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
CVSS 5.5
CVE-2017-13099 WRITEUP HIGH
wolfSSL < 3.12.2 - Information Disclosure (ROBOT)
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
CVSS 7.5
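Both Bleichenbacher entries above (CVE-2018-16870 and the ROBOT finding, CVE-2017-13099) come down to the same oracle: the server's handling of an RSA-decrypted premaster block leaks, through error type or timing, whether the PKCS#1 v1.5 padding was valid. The following added example is not wolfSSL code; it is an illustrative C implementation of the countermeasure RFC 5246 section 7.4.7.1 prescribes, where the decrypted block is checked with masks rather than branches and a caller-supplied random premaster is substituted on any failure, so the peer cannot distinguish a bad block from a good one. Function names, the 128-byte block layout and the constructed fallback value are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; not wolfSSL code. Constant-time unpadding of an
 * RSA-decrypted TLS premaster block, per RFC 5246 section 7.4.7.1. */

#define PREMASTER_SZ 48

/* 1 if x == 0, else 0, with no data-dependent branch. */
static uint32_t ct_is_zero(uint8_t x) { return (((uint32_t)x - 1u) >> 31) & 1u; }
/* 1 if a == b, else 0. */
static uint32_t ct_eq(uint8_t a, uint8_t b) { return ct_is_zero((uint8_t)(a ^ b)); }

/* Copies the premaster secret into out when em is a well-formed type-2 block
 * 00 02 PS(>= 8 nonzero bytes) 00 M(48) whose first two bytes equal the
 * version the client offered; otherwise copies fallback (48 random bytes the
 * caller drew beforehand). The selection is done by masking so the time
 * taken does not depend on where the padding failed, and the validity bit is
 * never returned: exposing it to the caller would recreate the oracle. */
void tls_rsa_unpad_premaster(const uint8_t *em, size_t emLen,
                             uint8_t expect_major, uint8_t expect_minor,
                             const uint8_t fallback[PREMASTER_SZ],
                             uint8_t out[PREMASTER_SZ])
{
    /* emLen is the modulus size, which is public, so branching on it is fine. */
    if (emLen < 3 + 8 + PREMASTER_SZ) {
        memcpy(out, fallback, PREMASTER_SZ);
        return;
    }
    size_t mOff = emLen - PREMASTER_SZ;                 /* where M starts */
    uint32_t good = ct_eq(em[0], 0x00) & ct_eq(em[1], 0x02);
    for (size_t i = 2; i < mOff - 1; i++)               /* PS: all non-zero */
        good &= 1u ^ ct_is_zero(em[i]);
    good &= ct_is_zero(em[mOff - 1]);                   /* separator */
    good &= ct_eq(em[mOff], expect_major) & ct_eq(em[mOff + 1], expect_minor);
    uint8_t mask = (uint8_t)(0u - good);                /* 0xFF if good, else 0x00 */
    for (size_t i = 0; i < PREMASTER_SZ; i++)
        out[i] = (uint8_t)((em[mOff + i] & mask) | (fallback[i] & (uint8_t)~mask));
}

/* Constructed 128-byte block: 00 02 <77 x 0x5A> 00 03 03 <46 x 0x77>.
 * With corrupt != 0 the block type byte is damaged, as a probe in a
 * Bleichenbacher attack would typically produce. */
static void build_block(uint8_t em[128], int corrupt)
{
    memset(em, 0x5A, 128);
    em[0] = 0x00; em[1] = 0x02;
    em[79] = 0x00;                     /* separator: 128 - 48 - 1 */
    em[80] = 0x03; em[81] = 0x03;      /* TLS 1.2 version inside the premaster */
    memset(em + 82, 0x77, 46);
    if (corrupt) em[1] = 0x01;
}

int demo_valid_block_yields_premaster(void)
{
    uint8_t em[128], out[PREMASTER_SZ], fb[PREMASTER_SZ];
    memset(fb, 0xEE, sizeof fb);       /* stands in for 48 random bytes */
    build_block(em, 0);
    tls_rsa_unpad_premaster(em, sizeof em, 0x03, 0x03, fb, out);
    return memcmp(out, em + 80, PREMASTER_SZ) == 0;
}

int demo_bad_block_yields_fallback(void)
{
    uint8_t em[128], out[PREMASTER_SZ], fb[PREMASTER_SZ];
    memset(fb, 0xEE, sizeof fb);
    build_block(em, 1);
    tls_rsa_unpad_premaster(em, sizeof em, 0x03, 0x03, fb, out);
    return memcmp(out, fb, PREMASTER_SZ) == 0;
}

int demo_version_mismatch_yields_fallback(void)
{
    uint8_t em[128], out[PREMASTER_SZ], fb[PREMASTER_SZ];
    memset(fb, 0xEE, sizeof fb);
    build_block(em, 0);
    tls_rsa_unpad_premaster(em, sizeof em, 0x03, 0x01, fb, out);   /* client said TLS 1.0 */
    return memcmp(out, fb, PREMASTER_SZ) == 0;
}

int demo_short_block_yields_fallback(void)
{
    uint8_t em[50], out[PREMASTER_SZ], fb[PREMASTER_SZ];
    memset(fb, 0xEE, sizeof fb);
    memset(em, 0x5A, sizeof em);
    tls_rsa_unpad_premaster(em, sizeof em, 0x03, 0x03, fb, out);
    return memcmp(out, fb, PREMASTER_SZ) == 0;
}
```

The handshake then continues with whatever landed in out and fails at the Finished MAC check in both cases, which is the observable the attacker is left with. Compiler optimisation can still reintroduce branches into mask arithmetic, so in production this kind of routine is checked with a tool such as a constant-time analyser rather than trusted by inspection.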
CVE-2026-4395 WRITEUP CRITICAL
Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkey_raw buffer via a crafted oversized EC public key point. The WOLFSSL_KCAPI_ECC code path copies the input to key->pubkey_raw (132 bytes) using XMEMCPY without a bounds check, unlike the ATECC code path which includes a length validation. This can be triggered during TLS key exchange when a malicious peer sends a crafted ECPoint in ServerKeyExchange.
CVSS 9.8
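The CVE-2026-4395 entry describes the defect precisely enough to show the before/after pattern. The following added example is not wolfSSL code; it models the unchecked copy the advisory describes beside the hardened import, using the 132-byte capacity and the pubkey_raw field name from the advisory. Everything else (the struct, function names, error codes, the P-256 field size of 32 bytes, and the constructed byte patterns that stand in for points) is assumed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; not wolfSSL code. A fixed raw public-key buffer is
 * filled from a peer-supplied X9.63 point 04 || X || Y. The unchecked copy
 * is kept only for contrast; the hardened import validates the length
 * against both the buffer and the expected curve size before copying. */

#define PUBKEY_RAW_SZ 132      /* capacity quoted in the advisory */

enum {
    ECC_OK        =  0,
    ECC_BAD_ARG   = -1,
    ECC_TOO_LONG  = -2,        /* would overflow pubkey_raw */
    ECC_BAD_POINT = -3         /* wrong encoding or length for the curve */
};

typedef struct {
    uint8_t pubkey_raw[PUBKEY_RAW_SZ];
    size_t  pubkey_raw_len;
} ecc_key_raw;

/* Before: mirrors the unchecked XMEMCPY the advisory describes. With
 * inLen > PUBKEY_RAW_SZ the copy runs past the key structure on the heap.
 * Never call this with untrusted input; it exists here to show the gap. */
int ecc_import_x963_unchecked(ecc_key_raw *key, const uint8_t *in, size_t inLen)
{
    memcpy(key->pubkey_raw, in, inLen);          /* no bounds check */
    key->pubkey_raw_len = inLen;
    return ECC_OK;
}

/* After: length validation before any copy. curveSz is the field size in
 * bytes (32 for P-256), so an uncompressed point is exactly 1 + 2*curveSz.
 * A real import must additionally verify the point lies on the curve. */
int ecc_import_x963_checked(ecc_key_raw *key, const uint8_t *in,
                            size_t inLen, size_t curveSz)
{
    if (key == NULL || in == NULL || curveSz == 0)
        return ECC_BAD_ARG;
    if (inLen > PUBKEY_RAW_SZ)
        return ECC_TOO_LONG;                     /* the check the KCAPI path lacked */
    if (inLen != 1 + 2 * curveSz || in[0] != 0x04)
        return ECC_BAD_POINT;                    /* only uncompressed points here */
    memcpy(key->pubkey_raw, in, inLen);
    key->pubkey_raw_len = inLen;
    return ECC_OK;
}

/* Imports into a fresh key and returns the code, for the worked cases. */
int try_import(const uint8_t *in, size_t inLen, size_t curveSz)
{
    ecc_key_raw key;
    memset(&key, 0, sizeof key);
    return ecc_import_x963_checked(&key, in, inLen, curveSz);
}

/* 65-byte constructed input (04 || 32 bytes || 32 bytes) for P-256: accepted. */
int demo_p256_accepted(void)
{
    uint8_t pt[65];
    memset(pt, 0x11, sizeof pt);                 /* constructed, not a real point */
    pt[0] = 0x04;
    return try_import(pt, sizeof pt, 32) == ECC_OK;
}

/* 200-byte input: rejected on size before the curve check can run. */
int demo_oversized_rejected(void)
{
    uint8_t pt[200];
    memset(pt, 0x22, sizeof pt);
    pt[0] = 0x04;
    return try_import(pt, sizeof pt, 32) == ECC_TOO_LONG;
}

/* 65-byte input offered for a 48-byte curve (P-384 expects 97): rejected. */
int demo_curve_mismatch_rejected(void)
{
    uint8_t pt[65];
    memset(pt, 0x11, sizeof pt);
    pt[0] = 0x04;
    return try_import(pt, sizeof pt, 48) == ECC_BAD_POINT;
}

/* Compressed-point prefix 02 is not handled by this importer: rejected. */
int demo_compressed_rejected(void)
{
    uint8_t pt[65];
    memset(pt, 0x11, sizeof pt);
    pt[0] = 0x02;
    return try_import(pt, sizeof pt, 32) == ECC_BAD_POINT;
}
```

The buffer-capacity check and the curve-length check are kept separate on purpose: the first is what prevents memory corruption and must hold for any backend, the second is what the advisory says the ATECC path already had, and a port to a new backend should not be able to drop one without noticing the other.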
CVE-2026-4159 WRITEUP LOW
wolfSSL <= 5.8.4 - Out-of-Bounds Read in wc_PKCS7_DecodeEnvelopedData
In wolfSSL 5.8.4 and earlier, a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default.
CVSS 3.3