CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1543 – AES T-Table sub-cache-line leakage
https://notcve.org/view.php?id=CVE-2024-1543
29 Aug 2024 — The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023 • CWE-208: Observable Timing Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1544 – ECDSA nonce bias caused by truncation
https://notcve.org/view.php?id=CVE-2024-1544
27 Aug 2024 — Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel rev... • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5814 – Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade
https://notcve.org/view.php?id=CVE-2024-5814
27 Aug 2024 — A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500 • https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later • CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5288 – Safe-error attack on TLS 1.3 Protocol
https://notcve.org/view.php?id=CVE-2024-5288
27 Aug 2024 — An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery. An issue was discovered in wolfSSL before 5.7.0. • https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5991 – Buffer overread in domain name matching
https://notcve.org/view.php?id=CVE-2024-5991
27 Aug 2024 — In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0. • https://https://github.com/wolfSSL/wolfssl/pull/7604 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6936 – Heap-buffer over-read with WOLFSSL_CALLBACKS
https://notcve.org/view.php?id=CVE-2023-6936
20 Feb 2024 — In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging). En wolfSSL anterior a 5.6.6, si las funciones de devolución de llamada están habilitadas (a través del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS malicioso o un atacante de red puede desencadenar una sobrelectura del búfer en el montón de 5 bytes (WOLF... • https://github.com/wolfSSL/wolfssl/pull/6949 • CWE-126: Buffer Over-read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6937 – Improper (D)TLS key boundary enforcement
https://notcve.org/view.php?id=CVE-2023-6937
15 Feb 2024 — wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but ... • https://github.com/wolfSSL/wolfssl/pull/7029 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3724 – TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
https://notcve.org/view.php?id=CVE-2023-3724
17 Jul 2023 — If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue... • https://github.com/wolfSSL/wolfssl/pull/6412 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •
CVSS: 9.4EPSS: 3%CPEs: 1EXPL: 1CVE-2022-42905 – wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
https://notcve.org/view.php?id=CVE-2022-42905
06 Nov 2022 — In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) En wolfSSL anterior a 5.5.2, si las funciones callback están habilitadas (a través del indicador WOLFSSL_CALLBACKS), entonces un cliente TLS 1.3 malicioso o un atacante de red puede desencadenar una sobrelectura del búfer de memoria de 5 bytes. (WOLFSSL_CALLBA... • https://packetstorm.news/files/id/170610 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42961
https://notcve.org/view.php?id=CVE-2022-42961
15 Oct 2022 — An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) • https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable •