All errata/sisyphus/ALT-PU-2024-14756-2
ALT-PU-2024-14756-2

Package update wolfssl in branch sisyphus

Version5.7.4-alt1
Task#360768
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (8)

BDU:2024-07076
MEDIUM5.1

Уязвимость конфигурации WOLFSSL_CHECK_SIG_FAULTS библиотеки SSL/TLS WolfSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2024-09-16
CVSS 3.xMEDIUM 5.1
CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.0
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:N/A:N
References
BDU:2024-07276
HIGH7.5

Уязвимость функции MatchDomainName() библиотеки SSL/TLS WolfSSL, позволяющая нарушителю оказать влияние на доступность защищаемой информации

Published: 2024-09-20
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2024-07277
MEDIUM5.3

Уязвимость реализации протокола TLS библиотеки SSL/TLS WolfSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2024-09-20
CVSS 3.xMEDIUM 5.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
References
BDU:2024-07281
MEDIUM4.1

Уязвимость функции wc_ecc_sign_hash() библиотеки SSL/TLS WolfSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2024-09-20
CVSS 3.xMEDIUM 4.1
CVSS:3.x/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0LOW 3.8
CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:N/A:N
References
CVE-2024-1544
MEDIUM4.9

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.

Published: 2024-08-27Modified: 2026-01-27
CVSS 3.xMEDIUM 4.9
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
References
CVE-2024-5288
MEDIUM5.9

An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.

Published: 2024-08-27Modified: 2025-02-27
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References
CVE-2024-5814
MEDIUM5.1

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500

Published: 2024-08-27Modified: 2025-12-06
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 4.0MEDIUM 5.1
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:D/RE:M/U:Green
References
CVE-2024-5991
CRITICAL10.0

In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0.

Published: 2024-08-27Modified: 2024-09-06
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0CRITICAL 10.0
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References