Timing Side-Channel Vulnerability in wolfSSL by wolfSSL Inc.
CVE-2020-11713

7.5HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 12 April 2020

Summary

A vulnerability exists in wolfSSL version 4.3.0 due to improper resistance to timing side-channel attacks in the wc_ecc_mulmod_ex function within the ecc.c file. This flaw could allow an adversary to gain insights into cryptographic operations by analyzing the timing of certain operations, potentially compromising the security of applications relying on this library. Proper defense mechanisms must be employed to mitigate the risks associated with this vulnerability.

References

https://github.com/wolfSSL/wolfssl/pull/2894/

x_refsource_MISC

https://gist.github.com/pietroborrello/7c5be2d1dc15349c4f...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2020
Vulnerability Reserved
Apr 12, 2020