CVE-2014-2903

EUVD-2014-2926
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
wolfsslwolfssl
𝑥
≤ 2.9.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wolfssl
bookworm
5.5.4-2+deb12u1
fixed
bullseye
4.6.0+p1-0+deb11u2
fixed
sid
5.7.2-0.1
fixed
trixie
5.7.2-0.1
fixed
Common Weakness Enumeration
References
http://secunia.com/advisories/62604
http://www.openwall.com/lists/oss-security/2014/04/18/2
http://secunia.com/advisories/62604
http://www.openwall.com/lists/oss-security/2014/04/18/2