CVE-2015-7744

Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.5.45 and earlier MySQL Server versions 5.6.26 and earlier wolfSSL versions prior to 3.6.8

Description The issue is related to errors in the code of the MySQL Server component, specifically in the encryption system. It allows a remote attacker to gain read access to data by exploiting the vulnerability through network packets. Additionally, the wolfSSL component, formerly known as CyaSSL, has a flaw in handling faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server. This makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, also known as a Lenstra attack.

Recommendations For MySQL Server versions 5.5.45 and earlier, update to a version later than 5.5.45 to resolve the issue. For MySQL Server versions 5.6.26 and earlier, update to a version later than 5.6.26 to resolve the issue. For wolfSSL versions prior to 3.6.8, update to version 3.6.8 or later to properly handle faults associated with the CRT process and prevent remote attackers from obtaining private RSA keys. As a temporary workaround, consider disabling the ephemeral key exchange without low memory optimizations on the server until a patch is available.