PT-2020-12799 · Wolfssl · Wolfssl
Published
2020-04-12
·
Updated
2022-01-01
·
CVE-2020-11713
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
wolfSSL version 4.3.0
Description
The issue is related to the mulmod code in the
wc ecc mulmod ex function in ecc.c, which does not properly resist timing side-channel attacks. This could potentially allow an attacker to exploit the timing difference in the code to gain sensitive information.Recommendations
For wolfSSL version 4.3.0, consider applying a patch or fix that properly resists timing side-channel attacks in the
wc ecc mulmod ex function. As a temporary workaround, restrict access to the wc ecc mulmod ex function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wolfssl