PT-2024-18128 · Wolfssl+1 · Wolfssl+1

Junkai Liang +3 · Published 2024-04-04 · Updated 2026-01-27 · CVE-2024-1545

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WolfSSL version 5.6.6

Description

A Fault Injection vulnerability in the RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c allows a remote attacker co-residing in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure. This issue affects the wolfcrypt library.

Recommendations

For version 5.6.6, consider disabling the RsaPrivateDecryption function as a temporary workaround until a patch is available. Restrict access to the wolfcrypt library to minimize the risk of exploitation. Avoid using the RsaKey structure in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unchecked Return Value

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2024-1545

Affected Products

Debian
Wolfssl