CVE Vulnerabilities for WireGuard
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2023‑35838 | 2023‑08‑09 23:15:10 | MEDIUM (6) | The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard. | 2 | 4 | ADJACENT_NETWORK |
| CVE‑2021‑46873 | 2023‑01‑29 23:15:09 | MEDIUM (5) | WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless. | 4 | 1 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.