CVE-2024-2881

2024-08-3000:15:04

CWE-74

CWE-252

CWE-1256

[email protected]

web.nvd.nist.gov

fault injection

wolfssl

ed25519.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

Affected configurations

Nvd

Node

wolfsslwolfsslMatch5.6.6

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
wolfsslwolfssl5.6.6cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wolfssl	wolfssl	5.6.6	cpe:2.3:a:wolfssl:wolfssl:5.6.6:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*