ALT-PU-2021-1202-1
Closed vulnerabilities
Published: 2021-07-14
BDU:2022-02235
Vulnerability in the WolfSSL SSL/TLS library related to information exposure through a discrepancy, allowing an attacker to gain access to confidential data
Severity: MEDIUM (4.9)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2021-01-06
Modified: 2024-11-21
CVE-2020-36177
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
- https://github.com/wolfSSL/wolfssl/commit/63bf5dc56ccbfc12a73b06327361687091a4c6f7
- https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
- https://github.com/wolfSSL/wolfssl/pull/3426
- https://github.com/wolfSSL/wolfssl/releases/tag/v4.6.0-stable
Published: 2021-07-14
Modified: 2024-11-21
CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Severity: MEDIUM (4.9)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References: