CVE-2024-1545

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

04 Sep 2024, 14:27

Type Values Removed Values Added
First Time Linux linux Kernel
Microsoft windows
Microsoft
Wolfssl
Linux
Wolfssl wolfssl
Summary
  • (es) La vulnerabilidad de inyección de fallas en la función RsaPrivateDecryption en wolfssl/wolfcrypt/src/rsa.c en WolfSSL wolfssl5.6.6 en Linux/Windows permite a un atacante remoto residir en el mismo sistema con un proceso víctima para divulgar información y escalar privilegios a través de la inyección de fallas de Rowhammer a la estructura RsaKey.
CPE cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
CWE CWE-74
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 8.8
References () https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable - () https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable - Release Notes

29 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 23:15

Updated : 2024-09-04 14:27


NVD link : CVE-2024-1545

Mitre link : CVE-2024-1545

CVE.ORG link : CVE-2024-1545


JSON object : View

Products Affected

linux

  • linux_kernel

wolfssl

  • wolfssl

microsoft

  • windows
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1256

Hardware Features Enable Physical Attacks from Software

CWE-252

Unchecked Return Value