QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2898

Published: Jan 28, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

x_refsource_CONFIRM

http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html

x_refsource_CONFIRM

http://seclists.org/oss-sec/2014/q2/126

x_refsource_MISC

http://seclists.org/oss-sec/2014/q2/130

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.