Lucene search

Ubuntu.comUB:CVE-2024-2881

HistorySep 03, 2024 - 12:00 a.m.

CVE-2024-2881

2024-09-0300:00:00

ubuntu.com

wolfssl

ed25519.c

vulnerability

fault injection

linux

windows

disclosure

privileges

rowhammer

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Fault Injection vulnerability in wc_ed25519_sign_msg function in
wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows
allows remote attacker co-resides in the same system with a victim process
to disclose information and escalate privileges via Rowhammer fault
injection to the ed25519_key structure.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchwolfssl< anyUNKNOWN
ubuntu20.04noarchwolfssl< anyUNKNOWN
ubuntu22.04noarchwolfssl< anyUNKNOWN
ubuntu24.04noarchwolfssl< anyUNKNOWN
ubuntu16.04noarchwolfssl< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	20.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	22.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	24.04	noarch	wolfssl	< any	UNKNOWN
ubuntu	16.04	noarch	wolfssl	< any	UNKNOWN

References

github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable

launchpad.net/bugs/cve/CVE-2024-2881

nvd.nist.gov/vuln/detail/CVE-2024-2881

security-tracker.debian.org/tracker/CVE-2024-2881

www.cve.org/CVERecord?id=CVE-2024-2881

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Related for UB:CVE-2024-2881