Side channel attack in wolfSSL - CVE-2021-24116
Published: July 12, 2021
Vulnerability identifier: #VU54674
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-24116
CWE-ID: CWE-208
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: wolfSSL
Affected software:
wolfSSL
wolfSSL
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to observable timing discrepancy in base64 PEM decoding.A local user can gain access to sensitive information.How to mitigate CVE-2021-24116
Install updates from vendor's website.