Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-1545

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months, 1 week ago

Fault Injection of RSA encryption in WolfCrypt

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

References

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
https://github.com/wolfSSL/wolfssl/pull/7167

Affected products

wolfssl

=<5.6.6

wolfcrypt

=<5.6.6

Matching in nixpkgs

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices

nixos-unstable -
- nixpkgs-unstable 5.8.2

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@vifino Adrian Pistol <vifino@tty.sh>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.wolfssl

Package maintainers