CVE-2024-2881

Name of the Vulnerable Software and Affected Versions WolfSSL versions 5.6.6 and earlier

Description The issue is related to a Fault Injection vulnerability in the wc ed25519 sign msg function in WolfSSL, which affects the ed25519 key structure. This vulnerability allows a remote attacker co-residing in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection. The vulnerability is present in the wolfssl/wolfcrypt/src/ed25519.c file and affects Linux and Windows systems.

Recommendations For WolfSSL version 5.6.6 and earlier, upgrade the affected component to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the wc ed25519 sign msg function until a patch is available. Avoid using the ed25519 key structure in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.