Vulnerability Description
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wolfssl | Wolfssl | < 4.6.0 |
References
- https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.m (Release Notes, Third Party Advisory)
- https://github.com/wolfSSL/wolfssl/releases (Release Notes, Third Party Advisory)
FAQ
What is CVE-2021-24116?
CVE-2021-24116 is a vulnerability with a CVSS score of 4.9 (MEDIUM). In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel an...
How severe is CVE-2021-24116?
CVE-2021-24116 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24116?
Check the references section above for vendor advisories and patch information. Affected products include: Wolfssl Wolfssl.