CVE-2024-1545

2024-08-2923:15:10

CWE-74

CWE-252

CWE-1256

[email protected]

web.nvd.nist.gov

vulnerability

rsaprivatedecryption

wolfssl 5.6.6

disclosure

information

escalation

rowhammer

fault injection

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

Affected configurations

Nvd

Node

wolfsslwolfsslMatch5.6.6

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
wolfsslwolfssl5.6.6cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wolfssl	wolfssl	5.6.6	cpe:2.3:a:wolfssl:wolfssl:5.6.6:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*