wolfSSL · wolfSSL · CVE-2024-5288
**Name of the Vulnerable Software and Affected Versions**
wolfSSL versions prior to 5.7.0
**Description**
An issue was discovered in wolfSSL that leads to ECDSA key disclosure via a safe-error attack using Rowhammer, known as FAULT+PROBE. When `WOLFSSL_CHECK_SIG_FAULTS` is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate over a certain number of connection requests can then be processed with an advanced technique to recover the ECDSA key.
**Recommendations**
To resolve the issue, update to wolfSSL version 5.7.0 or later.
As a temporary workaround, consider disabling the use of `WOLFSSL_CHECK_SIG_FAULTS` in signing operations with private ECC keys until a patch is available.
Restrict access to server-side TLS connections to minimize the risk of exploitation.
Avoid using private ECC keys in signing operations until the issue is resolved.
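To triage a build against the two conditions this advisory names (a version before 5.7.0 and `WOLFSSL_CHECK_SIG_FAULTS` enabled), the following added example, which is not wolfSSL's own code, classifies a build from the text of its headers. It assumes the version is read from the `LIBWOLFSSL_VERSION_STRING` define in `wolfssl/version.h` and that build options live in a settings header such as `options.h` or `user_settings.h`; the function names and sample headers are constructed for illustration.

```python
import re

FIXED = (5, 7, 0)                    # first fixed release named in the advisory
MACRO = "WOLFSSL_CHECK_SIG_FAULTS"   # build option named in the advisory

# Constructed sample inputs, not taken from a real build.
SAMPLE_VERSION_H = '#define LIBWOLFSSL_VERSION_STRING "5.6.6"\n'
SAMPLE_SETTINGS_H = """\
/* #define WOLFSSL_CHECK_SIG_FAULTS  (commented out, must not count) */
#define HAVE_ECC
#define WOLFSSL_CHECK_SIG_FAULTS
"""

def parse_version(version_h):
    """Return (major, minor, patch) from version.h text, or None if absent."""
    m = re.search(r'^\s*#\s*define\s+LIBWOLFSSL_VERSION_STRING\s+"(\d+)\.(\d+)\.(\d+)',
                  version_h, re.M)
    return tuple(int(g) for g in m.groups()) if m else None

def macro_defined(settings_h, name=MACRO):
    """True if `name` is #define'd and not later #undef'd.

    Comments are stripped first; #if/#ifdef blocks are not evaluated, so a
    define inside an inactive conditional is still reported (errs on caution).
    """
    text = re.sub(r"/\*.*?\*/", "", settings_h, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    defined = False
    for line in text.splitlines():
        m = re.match(r"\s*#\s*(define|undef)\s+(\w+)", line)
        if m and m.group(2) == name:
            defined = m.group(1) == "define"
    return defined

def triage(version_h, settings_h):
    """Classify a build as 'fixed', 'affected', 'outdated-macro-off' or 'unknown'."""
    version = parse_version(version_h)
    if version is None:
        return "unknown"
    if version >= FIXED:
        return "fixed"
    return "affected" if macro_defined(settings_h) else "outdated-macro-off"

if __name__ == "__main__":
    print(parse_version(SAMPLE_VERSION_H), triage(SAMPLE_VERSION_H, SAMPLE_SETTINGS_H))
```

Pass it the contents of the headers the deployed library was actually compiled against; a result of `outdated-macro-off` still calls for the update to 5.7.0 or later.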