An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).
References
Link | Resource |
---|---|
https://arxiv.org/abs/2008.12188 | Exploit Third Party Advisory |
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable | Third Party Advisory |
https://arxiv.org/abs/2008.12188 | Exploit Third Party Advisory |
https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://arxiv.org/abs/2008.12188 - Exploit, Third Party Advisory | |
References | () https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable - Third Party Advisory |
Information
Published : 2020-08-21 14:15
Updated : 2024-11-21 05:05
NVD link : CVE-2020-15309
Mitre link : CVE-2020-15309
CVE.ORG link : CVE-2020-15309
JSON object : View
Products Affected
wolfssl
- wolfssl
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')