Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-2881

6.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): LOW

created 6 months, 1 week ago

Fault Injection of EdDSA signature in WolfCrypt

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

References

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable

Affected products

wolfssl

=<5.6.6

wolfcrypt

=<5.6.6

Matching in nixpkgs

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices

nixos-unstable -
- nixpkgs-unstable 5.8.2

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@vifino Adrian Pistol <vifino@tty.sh>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.wolfssl

Package maintainers