CVE-2021-24116
PUBLISHED
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Risk Scores
EPSS Score: 0.25% (48.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | wolfssl | 4.6.0-3, 0, 5.2.0-2 |
| Ubuntu:25.10 | wolfssl | 5.7.2-0.1, 0 |
| Ubuntu:20.04:LTS | wolfssl | 4.2.0+dfsg-3, 4.3.0+dfsg-2, 0 |
| Ubuntu:24.04:LTS | wolfssl | 5.6.6-1.3, 0, 5.5.4-2.1 |
| Ubuntu:18.04:LTS | wolfssl | 3.10.2+dfsg-2, 3.12.2+dfsg-1, 3.12.0+dfsg-1 |
| Ubuntu:16.04:LTS | wolfssl | 0, * |
Timeline
- Jul 14, 2021 CVE Published
- Jul 15, 2021 EPSS Score
- Jul 22, 2021 CVE Updated
- Sep 13, 2021 EPSS Score
- Nov 11, 2021 EPSS Score
- Jan 10, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 9, 2022 EPSS Score
- Sep 6, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-24116 third-party-advisory
- https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md third-party-advisory
- https://github.com/wolfSSL/wolfssl/releases third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-24116 third-party-advisory