PT-2014-4953 · Wolfssl · Cyassl
Suman Jana
·
Published
2014-04-22
·
Updated
2017-07-01
·
CVE-2014-2900
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
wolfSSL CyaSSL versions prior to 2.9.4
Description
The issue is related to the improper validation of X.509 certificates with unknown critical extensions. This allows man-in-the-middle attackers to spoof servers via crafted X.509 certificates.
Recommendations
For versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cyassl