Filtered by vendor Wolfssl
Subscriptions
Filtered by product Wolfssl
Subscriptions
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1545 | 3 Linux, Microsoft, Wolfssl | 4 Linux Kernel, Windows, Wolfcrypt and 1 more | 2024-09-04 | 5.9 Medium |
| Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. | ||||
| CVE-2024-1543 | 1 Wolfssl | 2 Wolfcrypt, Wolfssl | 2024-09-04 | 4.1 Medium |
| The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500 | ||||
| CVE-2024-5814 | 1 Wolfssl | 1 Wolfssl | 2024-08-28 | N/A |
| A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500 | ||||