ALT-PU-2024-18314-1

Обновление пакета wolfssl в ветке sisyphus

Версия5.7.0-alt1

Задание#343586

Опубликовано2024-03-26

Макс. серьёзностьCRITICAL

Серьёзность:

Закрытые проблемы (3)

CRITICAL9.1

Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.

Опубликовано: 2024-03-25Изменено: 2025-12-15

CVSS 3.xКРИТИЧЕСКАЯ 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Ссылки

HIGH8.8

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

Опубликовано: 2024-08-29Изменено: 2026-01-27

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

HIGH8.8

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

Опубликовано: 2024-08-30Изменено: 2024-09-04

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable