Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-1545

HistoryAug 29, 2024 - 11:15 p.m.

CVE-2024-1545

2024-08-2923:15:10

Alpine Linux Development Team

security.alpinelinux.org

wolfssl

rsaprivatedecryption

fault injection

vulnerability

linux

windows

rowhammer

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchwolfssl< 5.7.0-r0UNKNOWN
Alpine3.20-communitynoarchwolfssl< 5.7.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	wolfssl	< 5.7.0-r0	UNKNOWN
Alpine	3.20-community	noarch	wolfssl	< 5.7.0-r0	UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Related for ALPINE:CVE-2024-1545