CVE-2024-1545

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

04 Sep 2024, 14:27

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de inyección de fallas en la función RsaPrivateDecryption en wolfssl/wolfcrypt/src/rsa.c en WolfSSL wolfssl5.6.6 en Linux/Windows permite a un atacante remoto residir en el mismo sistema con un proceso víctima para divulgar información y escalar privilegios a través de la inyección de fallas de Rowhammer a la estructura RsaKey.
CWE CWE-74
First Time Microsoft windows
Linux
Wolfssl wolfssl
Microsoft
Wolfssl
Linux linux Kernel
References () https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable - () https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable - Release Notes
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:wolfssl:wolfssl:5.6.6:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 8.8

29 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 23:15

Updated : 2024-09-04 14:27


NVD link : CVE-2024-1545

Mitre link : CVE-2024-1545

CVE.ORG link : CVE-2024-1545


JSON object : View

Products Affected

linux

  • linux_kernel

wolfssl

  • wolfssl

microsoft

  • windows
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1256

Improper Restriction of Software Interfaces to Hardware Features

CWE-252

Unchecked Return Value