Lucene search

[email protected]CVE-2020-11713

HistoryApr 12, 2020 - 5:15 p.m.

CVE-2020-11713

2020-04-1217:15:00

CWE-203

[email protected]

web.nvd.nist.gov

cve-2020-11713

wolfssl

mulmod code

timing side-channel attacks

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.9%

JSON

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.

CPENameOperatorVersion
wolfssl:wolfsslwolfssleq4.3.0

CPE	Name	Operator	Version
wolfssl:wolfssl	wolfssl	eq	4.3.0

References

gist.github.com/pietroborrello/7c5be2d1dc15349c4ffc8671f0aad04f

github.com/wolfSSL/wolfssl/pull/2894/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.9%

JSON

Related for CVE-2020-11713

osv1 cvelist1 prion1 debiancve1 ubuntucve1