CVE-2014-2900

Name of the Vulnerable Software and Affected Versions wolfSSL CyaSSL versions prior to 2.9.4

Description The issue is related to the improper validation of X.509 certificates with unknown critical extensions. This allows man-in-the-middle attackers to spoof servers via crafted X.509 certificates.

Recommendations For versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue.