PT-2020-14347 · Wolfssl · Wolfssl
Ida Bruhns
·
Published
2020-08-21
·
Updated
2022-11-16
·
CVE-2020-15309
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
wolfSSL versions prior to 4.5.0
Description
An issue allows local attackers to conduct a cache-timing attack against public key operations. This could potentially expose sensitive information if the affected system has been used for private key operations, such as signing with a private key.
Recommendations
For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue.
Exploit
Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wolfssl