CVE-2024-5288

Name
CVE-2024-5288
Description
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable

Match rules

CPE URI Source package Min version Max version
wolfssl >= 0 <= 5.7.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
wolfssl edge-community 5.7.0-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
wolfssl 3.20-community 5.7.0-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable