CVE-2024-1544

EPSS 0.02%
Veröffentlicht 27.08.2024 19:15:16
Zuletzt bearbeitet 28.08.2024 12:57:39
Quelle facts@wolfssl.com
Teams Watchlist Login
Unerledigt Login

Generating the ECDSA nonce k samples a random number r and then 
truncates this randomness with a modular reduction mod n where n is the 
order of the elliptic curve. Meaning k = r mod n. The division used 
during the reduction estimates a factor q_e by dividing the upper two 
digits (a digit having e.g. a size of 8 byte) of r by the upper digit of 
n and then decrements q_e in a loop until it has the correct size. 
Observing the number of times q_e is decremented through a control-flow 
revealing side-channel reveals a bias in the most significant bits of 
k. Depending on the curve this is either a negligible bias or a 
significant bias large enough to reconstruct k with lattice reduction 
methods. For SECP160R1, e.g., we find a bias of 15 bits.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerwolfSSL

≫

Produkt wolfSSL

Default Statusunknown

Version <= 5.6.4

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
facts@wolfssl.com	4.1	0.5	3.6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable

https://nvd.nist.gov/vuln/detail/CVE-2024-1544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1544

EUVD