9 matches found
JLSEC-2026-683 An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT...
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIGFAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault...
CVE-2024-5288
...
DEBIAN-CVE-2024-5288
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIGFAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault...
CVE-2024-5288 Safe-error attack on TLS 1.3 Protocol
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIGFAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault...
CVE-2024-5288 Safe-error attack on TLS 1.3 Protocol
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIGFAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault...
CVE-2024-5288 Safe-error attack on TLS 1.3 Protocol
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIGFAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault...
PT-2024-6157 · Wolfssl +1 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.7.0 Description: An issue was discovered in wolfSSL that leads to ECDSA key disclosure via a safe-error attack using Rowhammer, known as FAULT+PROBE. When WOLFSSL CHECK SIG FAULTS is used in signing operations with...
Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerabilities (USN-1152-1)
It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. CVE-2011-1486 Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix f...
CVE-2011-1486
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service crash by causing multiple threads to report errors at the same time...