CVE-2014-2900

Published: Apr 22, 2014Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.

Affected (45)

Products: Yassl: Cyassl

Yassl

1 product

Cyassl

Configuration A

45 vulnerable

Vulnerable Software	Affected Versions
Yassl Cyassl	Up to 2.9.0
Yassl Cyassl	Version 0.2.0
Yassl Cyassl	Version 0.3.0
Yassl Cyassl	Version 0.4.0
Yassl Cyassl	Version 0.5.0
Yassl Cyassl	Version 0.5.5
Yassl Cyassl	Version 0.6.0
Yassl Cyassl	Version 0.6.2
Yassl Cyassl	Version 0.6.3
Yassl Cyassl	Version 0.8.0
Yassl Cyassl	Version 0.9.0
Yassl Cyassl	Version 0.9.6
Yassl Cyassl	Version 0.9.8
Yassl Cyassl	Version 0.9.9
Yassl Cyassl	Version 1.0.0 rc1
Yassl Cyassl	Version 1.0.0 rc2
Yassl Cyassl	Version 1.0.0 rc3
Yassl Cyassl	Version 1.0.2
Yassl Cyassl	Version 1.0.3
Yassl Cyassl	Version 1.0.6
Yassl Cyassl	Version 1.1.0
Yassl Cyassl	Version 1.2.0
Yassl Cyassl	Version 1.3.0
Yassl Cyassl	Version 1.4.0
Yassl Cyassl	Version 1.5.0
Yassl Cyassl	Version 1.5.4
Yassl Cyassl	Version 1.5.6
Yassl Cyassl	Version 1.6.0
Yassl Cyassl	Version 1.6.5
Yassl Cyassl	Version 1.8.0
Yassl Cyassl	Version 1.9.0
Yassl Cyassl	Version 2.0.0 rc1
Yassl Cyassl	Version 2.0.0 rc2
Yassl Cyassl	Version 2.0.0 rc3
Yassl Cyassl	Version 2.0.2
Yassl Cyassl	Version 2.0.6
Yassl Cyassl	Version 2.0.8
Yassl Cyassl	Version 2.2.0
Yassl Cyassl	Version 2.3.0
Yassl Cyassl	Version 2.4.0
Yassl Cyassl	Version 2.4.6
Yassl Cyassl	Version 2.5.0
Yassl Cyassl	Version 2.6.0
Yassl Cyassl	Version 2.7.0
Yassl Cyassl	Version 2.8.0