CVE-2024-1545 — Vulnetix

CVE-2024-1545 PUBLISHED CVSS 5.900000095367432 MEDIUM

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

EPSS 0.23% · 46.1th percentile

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

EPSS Score

0.23%

46.1th percentile

Affected Products

Vendor	Product	Versions
wolfssl	wolfssl	5.6.6
WolfSSL	wolfCrypt	0
wolfssl	wolfcrypt	0

Timeline

Aug 29, 2024 CVE Published
Aug 30, 2024 EPSS Score
Sep 19, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 9, 2024 EPSS Score
Oct 30, 2024 EPSS Score
Nov 19, 2024 EPSS Score
Dec 10, 2024 EPSS Score
Dec 30, 2024 EPSS Score
Jan 19, 2025 EPSS Score
Mar 1, 2025 EPSS Score
Mar 21, 2025 EPSS Score

References

https://github.com/wolfSSL/wolfssl/pull/7167 url
https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable url
https://nvd.nist.gov/vuln/detail/CVE-2024-1545 advisory

Open in Interactive Console →