Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

wolfcrypt

Source -

ADP

CNA CVEs -

0

ADP CVEs -

3

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2024-2881
Assigner-wolfSSL Inc.
ShareView Details
Assigner-wolfSSL Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 45.27%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 23:10
Updated-04 Sep, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fault Injection of EdDSA signature in WolfCrypt

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

Action-Not Available
Vendor-wolfsslWolfSSLwolfsslLinux Kernel Organization, IncMicrosoft Corporation
Product-windowswolfssllinux_kernelwolfCryptwolfcrypt
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-1256
Improper Restriction of Software Interfaces to Hardware Features
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-1545
Assigner-wolfSSL Inc.
ShareView Details
Assigner-wolfSSL Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.27%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 23:02
Updated-04 Sep, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fault Injection of RSA encryption in WolfCrypt

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

Action-Not Available
Vendor-wolfsslWolfSSLwolfsslLinux Kernel Organization, IncMicrosoft Corporation
Product-windowswolfssllinux_kernelwolfCryptwolfcrypt
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-1256
Improper Restriction of Software Interfaces to Hardware Features
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-1543
Assigner-wolfSSL Inc.
ShareView Details
Assigner-wolfSSL Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.03% / 7.61%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 22:43
Updated-04 Sep, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AES T-Table sub-cache-line leakage

The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500

Action-Not Available
Vendor-wolfsslwolfSSLwolfssl
Product-wolfsslwolfSSLwolfcrypt
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy