Unknown · Cryptopp Crypto++ · CVE-2024-28285
**Name of the Vulnerable Software and Affected Versions**
Cryptopp Crypto++ version 8.9
**Description**
A fault injection issue in the `SymmetricDecrypt` function, located in `cryptopp/elgamal.h`, allows an attacker who co-resides on the same system as a victim process to disclose information and escalate privileges.
**Recommendations**
For Cryptopp Crypto++ version 8.9, consider disabling the `SymmetricDecrypt` function in `cryptopp/elgamal.h` as a temporary workaround to minimize the risk of exploitation. Restrict access to sensitive information and processes to prevent privilege escalation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.