#VU54674 Side channel attack in wolfSSL - CVE-2021-24116
Published: July 12, 2021
Vulnerability identifier: #VU54674
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-24116
CWE-ID: CWE-208
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
wolfSSL
wolfSSL
Software vendor:
wolfSSL
wolfSSL
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable timing discrepancy in base64 PEM decoding.A local user can gain access to sensitive information.Remediation
Install updates from vendor's website.