An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSLCHECKSIG_FAULTS is used in signing operations with private ECC keys,
such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.
{
"cwe_ids": [
"CWE-922"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/5xxx/CVE-2024-5288.json",
"cna_assigner": "wolfSSL"
}{
"cpe": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "5.7.0"
},
{
"fixed": "5.7.2"
}
],
"source": [
"AFFECTED_FIELD",
"CPE_RANGE",
"REFERENCES"
]
}