MySQL Server · CVE-2016-7440
**Name of the Vulnerable Software and Affected Versions**
wolfSSL versions prior to 3.9.10
MySQL Server versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier
**Description**
The issue lies in the AES encryption and decryption implementation in wolfSSL, which makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. In the case of MySQL Server, a vulnerability allows a high-privileged attacker with network access to compromise the server, potentially causing a hang or crash.
**Recommendations**
For wolfSSL versions prior to 3.9.10, update to version 3.9.10 or later to resolve the issue.
For MySQL Server versions 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier, update to a version later than the affected versions listed above to mitigate the risk.