CVE-2022-42961

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.5.0

Description An issue was discovered in wolfSSL that allows a fault injection attack on RAM via Rowhammer, leading to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery.

Recommendations For versions prior to 5.5.0, consider using the WOLFSSL CHECK SIG FAULTS option, available in version 5.5.0 and later, to address the vulnerability. Update to version 5.5.0 or later to fully resolve the issue.