Main Vulnerability Database Vulnerabilities #VU66876

#VU66876 Improper restriction of software interfaces to hardware features in wolfSSL - CVE-2022-42961

Published: August 31, 2022 / Updated: January 20, 2023

Vulnerability identifier: #VU66876

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-42961

CWE-ID: CWE-1256

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
wolfSSL

Software vendor:
wolfSSL

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way wolfSSL handles operations with private ECC keys such as server side TLS connections and creation of ECC signatures. A malicious server can perform fault injection attack on RAM (e.g. using Rowhammer attack) and obtain the ECDSA key.

Remediation

Install updates from vendor's website.

External links

https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable

#VU66876 Improper restriction of software interfaces to hardware features in wolfSSL - CVE-2022-42961

Description

Remediation

External links

Please verify you're human