Fault Injection Vulnerability Affects WolfSSL on Linux/Windows
CVE-2024-1545

8.8HIGH

Key Information:

Vendor: Wolfssl
Status: Wolfcrypt
Vendor: CVE Published:; 29 August 2024

What is CVE-2024-1545?

A fault injection vulnerability exists within the RsaPrivateDecryption function of WolfSSL versions prior to 5.7.0. This issue allows a remote attacker, who shares the same system as a victim process, to leverage Rowhammer fault injection techniques to manipulate the RsaKey structure. Such exploitation can lead to unauthorized information disclosure and escalation of privileges, posing significant risks to the affected systems on both Linux and Windows platforms.

Affected Version(s)

wolfCrypt Linux 0 <= 5.6.6

References

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-st...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2024

Wolfssl

What is CVE-2024-1545?

Affected Version(s)

References

CVSS V3.1

Timeline