CVE-2024-5288

An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.

CVSS v3 5.1 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.4 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-27 19:15

Updated : 2025-02-27 22:18

NVD link : CVE-2024-5288

Mitre link : CVE-2024-5288

CVE.ORG link : CVE-2024-5288

JSON object : View

Products Affected

wolfssl

wolfssl

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2024-5288", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.4}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-08-27T19:15:17.797", "references": [{"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable", "tags": ["Release Notes"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-922"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\n\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u00a0The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en wolfSSL antes de 5.7.0. Un ataque de error seguro a trav\u00e9s de Rowhammer, concretamente FAULT+PROBE, conduce a la divulgaci\u00f3n de la clave ECDSA. Cuando se utiliza WOLFSSL_CHECK_SIG_FAULTS en operaciones de firma con claves ECC privadas, como en conexiones TLS del lado del servidor, la conexi\u00f3n se detiene si se produce alg\u00fan error. La tasa de \u00e9xito en una cierta cantidad de solicitudes de conexi\u00f3n se puede procesar mediante una t\u00e9cnica avanzada para la recuperaci\u00f3n de claves ECDSA."}], "lastModified": "2025-02-27T22:18:11.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0F4729E-754A-4CB1-A77D-1E1E97F0F69B", "versionEndExcluding": "5.7.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}