#VU84842 Cryptographic issues in wolfSSL - CVE-2024-1543
Published: December 28, 2023 / Updated: September 4, 2024
Vulnerability identifier: #VU84842
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-1543
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
wolfSSL
wolfSSL
Software vendor:
wolfSSL
wolfSSL
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the "--enable-aes-bitsliced" configure option.
Remediation
Install updates from vendor's website.