CVE-2024-1545

2024-08-3000:00:00

ubuntu.com

cve-2024-1545

fault injection

rsaprivatedecryption

wolfssl

linux

windows

remote attacker

disclosure

escalate privileges

rowhammer

rsakey

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Fault Injection vulnerability in RsaPrivateDecryption function in
wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows
remote attacker co-resides in the same system with a victim process
to disclose information and escalate privileges via Rowhammer fault
injection to the RsaKey structure.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchwolfssl< anyUNKNOWN
ubuntu20.04noarchwolfssl< anyUNKNOWN
ubuntu22.04noarchwolfssl< anyUNKNOWN
ubuntu24.04noarchwolfssl< anyUNKNOWN
ubuntu16.04noarchwolfssl< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	20.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	22.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	24.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	16.04	noarch	wolfssl	< any	UNKNOWN