
CVE-2024-2881 – Fault Injection of EdDSA signature in WolfCrypt
https://notcve.org/view.php?id=CVE-2024-2881
29 Aug 2024 — Fault Injection vulnerability in the wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker co-resident on the same system as a victim process to disclose information and escalate privileges via Rowhammer fault injection against the ed25519_key structure. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable • CWE-252: Unchecked Return Value • CWE-1256: Improper Restriction of Software Interfaces to Hardware Features

CVE-2024-1545 – Fault Injection of RSA encryption in WolfCrypt
https://notcve.org/view.php?id=CVE-2024-1545
29 Aug 2024 — Fault Injection vulnerability in the RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker co-resident on the same system as a victim process to disclose information and escalate privileges via Rowhammer fault injection against the RsaKey structure. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable • CWE-252: Unchecked Return Value • CWE-1256: Improper Restriction of Software Interfaces to Hardware Features

CVE-2024-1543 – AES T-Table sub-cache-line leakage
https://notcve.org/view.php?id=CVE-2024-1543
29 Aug 2024 — The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain per-instruction sub-cache-line resolution, allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023 • CWE-208: Observable Timing Discrepancy

CVE-2024-1544 – ECDSA nonce bias caused by truncation
https://notcve.org/view.php?id=CVE-2024-1544
27 Aug 2024 — Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n, where n is the order of the elliptic curve; that is, k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having, e.g., a size of 8 bytes) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel rev... • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-203: Observable Discrepancy

CVE-2024-5814 – Unverified Ciphersuite used on a client-side TLS1.3 Downgrade
https://notcve.org/view.php?id=CVE-2024-5814
27 Aug 2024 — A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later • CWE-284: Improper Access Control

CVE-2024-5288 – Safe-error attack on TLS 1.3 Protocol
https://notcve.org/view.php?id=CVE-2024-5288
27 Aug 2024 — An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate observed over a certain number of connection requests can be processed via an advanced technique for ECDSA key recovery. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-922: Insecure Storage of Sensitive Information

CVE-2024-5991 – Buffer overread in domain name matching
https://notcve.org/view.php?id=CVE-2024-5991
27 Aug 2024 — In the function MatchDomainName(), the input parameter str is treated as a NULL-terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirement that the buffer be NULL terminated. If a caller was attempting to do a name check on a non-NULL-terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. This issue affects wolfSSL through 5.7.0. • https://github.com/wolfSSL/wolfssl/pull/7604 • CWE-125: Out-of-bounds Read

CVE-2024-0901 – SEGV and out of bounds memory read from malicious packet
https://notcve.org/view.php?id=CVE-2024-0901
25 Mar 2024 — A remotely triggered SEGV and out-of-bounds read allows a malicious packet sender to crash the process or cause an out-of-bounds read by sending a malformed packet with the correct length. • https://github.com/wolfSSL/wolfssl/issues/7089 • CWE-129: Improper Validation of Array Index

CVE-2023-6936 – Heap-buffer over-read with WOLFSSL_CALLBACKS
https://notcve.org/view.php?id=CVE-2023-6936
20 Feb 2024 — In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a 5-byte buffer over-read on the heap (WOLFSSL_CALLBACKS is only intended for debugging). • https://github.com/wolfSSL/wolfssl/pull/6949 • CWE-126: Buffer Over-read

CVE-2023-6937 – Improper (D)TLS key boundary enforcement
https://notcve.org/view.php?id=CVE-2023-6937
15 Feb 2024 — wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight could be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but ... • https://github.com/wolfSSL/wolfssl/pull/7029 • CWE-20: Improper Input Validation