wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
References
Link | Resource |
---|---|
https://gist.github.com/pietroborrello/7c5be2d1dc15349c4ffc8671f0aad04f | Exploit Third Party Advisory |
https://github.com/wolfSSL/wolfssl/pull/2894/ | Patch Third Party Advisory |
Configurations
History
01 Jan 2022, 18:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-203 | |
References | (MISC) https://gist.github.com/pietroborrello/7c5be2d1dc15349c4ffc8671f0aad04f - Exploit, Third Party Advisory |
Information
Published : 2020-04-12 17:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-11713
Mitre link : CVE-2020-11713
CVE.ORG link : CVE-2020-11713
JSON object : View
Products Affected
wolfssl
- wolfssl
CWE
CWE-203
Observable Discrepancy