Cache Timing Vulnerability in wolfSSL Prior to Version 4.5.0
CVE-2020-15309

7HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 21 August 2020

Summary

A cache timing vulnerability exists in wolfSSL prior to version 4.5.0, which can be exploited by local attackers to launch cache-timing attacks against public key operations. If the affected system has been involved in private key operations, such as signing, attackers may be able to obtain sensitive information. This vulnerability highlights the importance of using single precision for enhanced security in cryptographic operations.

References

https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-st...

x_refsource_CONFIRM

https://arxiv.org/abs/2008.12188

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2020
Vulnerability Reserved
Jun 26, 2020