CVE-2014-2903: Wolfssl vulnerability

CWE-310 | 4 documents | 4 sources
Severity: 5.9 MEDIUM (NVD)
EPSS: 0.2% (top 56.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 6 | Latest update May 17

Description

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/wolfssl < wolfssl 3.4.8+dfsg-1 (bookworm)
Debian: wolfssl/wolfssl < 3.4.8+dfsg-1+3
NVD: wolfssl/wolfssl 2.9.4

🔴 Vulnerability Details (2)

GHSA: GHSA-9gm2-vj3x-997g: CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate no... (2022-05-17)
OSV: CVE-2014-2903: CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate no... (2017-10-06)

📋 Vendor Advisories (1)

Debian: CVE-2014-2903: wolfssl - CyaSSL does not check the key usage extension in leaf certificates, which allows... (2014)
CVE-2014-2903 — Debian Wolfssl vulnerability | cvebase