Fault Injection Vulnerability Affects WolfSSL on Linux/Windows
CVE-2024-1545

5.9MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfcrypt
Vendor: CVE Published:; 29 August 2024

What is CVE-2024-1545?

A fault injection vulnerability exists within the RsaPrivateDecryption function of WolfSSL versions prior to 5.7.0. This issue allows a remote attacker, who shares the same system as a victim process, to leverage Rowhammer fault injection techniques to manipulate the RsaKey structure. Such exploitation can lead to unauthorized information disclosure and escalation of privileges, posing significant risks to the affected systems on both Linux and Windows platforms.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wolfCrypt Linux 0 <= 5.6.6

References

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-st...

https://github.com/wolfSSL/wolfssl/pull/7167

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2024

JSON

Wolfssl

What is CVE-2024-1545?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.