Lucene search

WolfSSLVULNRICHMENT:CVE-2024-2881

HistoryAug 29, 2024 - 11:10 p.m.

CVE-2024-2881 Fault Injection of EdDSA signature in WolfCrypt

2024-08-2923:10:59

CWE-1256

CWE-252

wolfSSL

github.com

cve-2024-2881

fault injection

wolfcrypt

eddsa

wolfssl

linux

windows

remote attacker

disclosure

privileges

rowhammer

CVSS3

6.7

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

20.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:wolfssl:wolfcrypt:*:*:*:*:*:*:*:*"
    ],
    "vendor": "wolfssl",
    "product": "wolfcrypt",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "git",
        "lessThanOrEqual": "5.6.6"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable

CVSS3

6.7

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

20.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-2881