CVE-2024-5288
CVSS V2 None
CVSS V3 None
Description
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,
such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.
Overview
- CVE ID
- CVE-2024-5288
- Assigner
- wolfSSL
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-27T18:36:28.555Z
- Last Modified Date
- 2024-08-27T19:23:20.376Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-5288 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-28 13:09:05 | Added to TrackCVE |