An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).
References
Link | Resource |
---|---|
https://arxiv.org/abs/2008.12188 | Exploit Third Party Advisory |
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-08-21 14:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-15309
Mitre link : CVE-2020-15309
CVE.ORG link : CVE-2020-15309
JSON object : View
Products Affected
wolfssl
- wolfssl
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')