Nixpkgs security tracker

Untriaged

Permalink CVE-2024-1545

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): LOW

created 2 months, 2 weeks ago

Fault Injection of RSA encryption in WolfCrypt

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

References

Affected products

wolfssl

=<5.6.6

wolfcrypt

=<5.6.6

Matching in nixpkgs

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices

nixos-unstable 5.8.2
- nixpkgs-unstable 5.8.2
- nixos-unstable-small 5.8.2
nixos-25.11 5.8.2
- nixpkgs-25.11-darwin 5.8.2

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@vifino Adrian Pistol <vifino@tty.sh>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.wolfssl

Package maintainers