SB2021071216 - Side-Channel attack in wolfSSL
Published: July 12, 2021
Security Bulletin ID
SB2021071216
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Side channel attack (CVE-ID: CVE-2021-24116)
CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable timing discrepancy in base64 PEM decoding.A local user can gain access to sensitive information.Remediation
Install update from vendor's website.