Wolfssl · Wolfssl · CVE-2022-42961
**Name of the Vulnerable Software and Affected Versions**
wolfSSL versions prior to 5.5.0
**Description**
An issue was discovered in wolfSSL that allows a fault injection attack on RAM via Rowhammer, leading to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery.
**Recommendations**
If you are running a version prior to 5.5.0, consider the `WOLFSSL_CHECK_SIG_FAULTS` option to address the vulnerability. The option is available only in version 5.5.0 and later, so using it requires updating first.
Update to version 5.5.0 or later to fully resolve the issue.