88 matches found
PT-2024-18128
Name of the Vulnerable Software and Affected Versions WolfSSL version 5.6.6 Description A Fault Injection vulnerability in the RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c allows a remote attacker co-residing in the same system with a victim process to disclose information and...
wolfCrypt leaks cryptographic information via timing side channel
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
GHSA-Q95H-VC86-HV77 wolfCrypt leaks cryptographic information via timing side channel
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
wolfSSL Out-of-Bounds Write Vulnerability
wolfSSL is a small, portable, embedded SSL/TLS library intended for use by embedded systems developers. An out-of-bounds write vulnerability exists in RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL versions prior to 4.6.0. No detailed vulnerability details are provided at this time...
CVE-2020-36177
RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size...
Wolfssl wolfSSL 缓冲区错误漏洞
wolfSSL is a small, portable, embedded SSL/TLS library intended for use by embedded systems developers. An out-of-bounds write vulnerability exists in RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL versions prior to 4.6.0. No detailed vulnerability details are provided at this time...
OSV-2020-2008 UNKNOWN WRITE in wolfCrypt_custom_free
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26214 Crash type: UNKNOWN WRITE Crash state: wolfCryptcustomfree wolfSSLFree GetDhPublicKey...
CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
DEBIAN-CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
Code injection
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
UBUNTU-CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
CVE-2019-14317
wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces...
CVE-2019-14317
Summary of the vulnerability (CVE-2019-14317) : In wolfSSL/wolfCrypt up to version 4.1.0, DSA nonces are biased because dsa.c fixes two bits of the nonces. This bias makes it possible for a remote attacker to recover the long-term DSA private key after observing several hundred signatures, via a ...
DEBIAN-CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
UBUNTU-CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
Design/Logic Flaw
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...