CVE-2024-5288 (GCVE-0-2024-5288)
Vulnerability from cvelistv5
Published
2024-08-27 18:36
Modified
2024-08-27 19:23
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-922 - Insecure Storage of Sensitive Information
Summary
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.
References
Impacted products
Vendor Product Version
wolfSSL Inc. wolfSSL Version: 0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5288",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T19:22:54.638402Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T19:23:20.376Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "wolfSSL",
          "repo": "https://github.com/wolfSSL/wolfssl",
          "vendor": "wolfSSL Inc.",
          "versions": [
            {
              "lessThanOrEqual": "5.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kemal Derya"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "M. Caner Tol"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Berk Sunar"
        }
      ],
      "datePublic": "2024-07-08T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. W\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehen \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\n\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u0026nbsp;\u003c/span\u003eThe success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.\u003c/span\u003e"
            }
          ],
          "value": "An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\n\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u00a0The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-624",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-624 Fault Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-922",
              "description": "CWE-922 Insecure Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-27T18:36:28.555Z",
        "orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
        "shortName": "wolfSSL"
      },
      "references": [
        {
          "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Safe-error attack on TLS 1.3 Protocol",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
    "assignerShortName": "wolfSSL",
    "cveId": "CVE-2024-5288",
    "datePublished": "2024-08-27T18:36:28.555Z",
    "dateReserved": "2024-05-23T20:20:44.346Z",
    "dateUpdated": "2024-08-27T19:23:20.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-5288\",\"sourceIdentifier\":\"facts@wolfssl.com\",\"published\":\"2024-08-27T19:15:17.797\",\"lastModified\":\"2025-02-27T22:18:11.050\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\\n\\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u00a0The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en wolfSSL antes de 5.7.0. Un ataque de error seguro a trav\u00e9s de Rowhammer, concretamente FAULT+PROBE, conduce a la divulgaci\u00f3n de la clave ECDSA. Cuando se utiliza WOLFSSL_CHECK_SIG_FAULTS en operaciones de firma con claves ECC privadas, como en conexiones TLS del lado del servidor, la conexi\u00f3n se detiene si se produce alg\u00fan error. La tasa de \u00e9xito en una cierta cantidad de solicitudes de conexi\u00f3n se puede procesar mediante una t\u00e9cnica avanzada para la recuperaci\u00f3n de claves ECDSA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"facts@wolfssl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"facts@wolfssl.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7.2\",\"matchCriteriaId\":\"F0F4729E-754A-4CB1-A77D-1E1E97F0F69B\"}]}]}],\"references\":[{\"url\":\"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable\",\"source\":\"facts@wolfssl.com\",\"tags\":[\"Release Notes\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5288\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-27T19:22:54.638402Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-27T19:23:13.998Z\"}}], \"cna\": {\"title\": \"Safe-error attack on TLS 1.3 Protocol\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Kemal Derya\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"M. Caner Tol\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Berk Sunar\"}], \"impacts\": [{\"capecId\": \"CAPEC-624\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-624 Fault Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/wolfSSL/wolfssl\", \"vendor\": \"wolfSSL Inc.\", \"product\": \"wolfSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"5.7.0\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-07-08T17:30:00.000Z\", \"references\": [{\"url\": \"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\\n\\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\\u00a0The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. W\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ehen \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\\n\\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u0026nbsp;\u003c/span\u003eThe success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-922\", \"description\": \"CWE-922 Insecure Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"50d2cd11-d01a-48ed-9441-5bfce9d63b27\", \"shortName\": \"wolfSSL\", \"dateUpdated\": \"2024-08-27T18:36:28.555Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-5288\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-27T19:23:20.376Z\", \"dateReserved\": \"2024-05-23T20:20:44.346Z\", \"assignerOrgId\": \"50d2cd11-d01a-48ed-9441-5bfce9d63b27\", \"datePublished\": \"2024-08-27T18:36:28.555Z\", \"assignerShortName\": \"wolfSSL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.