CVE-2014-2900

Severity

57%

Complexity

86%

Confidentiality

81%

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

Type

yaSSL CyaSSL

First reported 10 years ago

2014-04-22 14:23:00

Last updated 7 years ago

2017-07-01 01:29:00

Affected Software

yaSSL CyaSSL 2.5.0

2.5.0

yaSSL CyaSSL 2.6.0

2.6.0

yaSSL CyaSSL 0.7.0

2.7.0

yaSSL CyaSSL 2.8.0

2.8.0

References

[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?

[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?

57743

Vendor Advisory

66780

http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

Vendor Advisory

http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html

GLSA-201612-53

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.