An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"vendor_product": "wolfssl:wolfssl",
"extracted_events": [
{
"fixed": "4.3.0"
}
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "4.3.0"
}
]
}
]
}