CVE-2015-7744 — Improperly Implemented Security Check for Standard in Wolfssl

CWE-358 — Improperly Implemented Security Check for Standard9 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

2.7%

top 14.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Mariadb Debian Wolfssl +2 more

Timeline

PublishedJan 22

Latest updateMay 14

Description

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/wolfssl< wolfssl 3.9.10+dfsg-1 (bookworm)

▶NVDwolfssl/wolfssl< 3.6.8

▶Debianwolfssl/wolfssl< 3.9.10+dfsg-1+3

▶NVDmariadb/mariadb5.5.0 — 5.5.46+2

▶NVDopensuse/leap42.1

🔴Vulnerability Details

GHSA

GHSA-f7wf-fgwg-64px: wolfSSL (formerly CyaSSL) before 3↗2022-05-14

▶

OSV

CVE-2015-7744: wolfSSL (formerly CyaSSL) before 3↗2016-01-22

▶

📋Vendor Advisories

Red Hat

wolfSSL: insufficient hardening of RSA-CRT implementation (Oracle MySQL CPU Jan 2016)↗2015-01-20

▶

Debian

CVE-2015-7744: wolfssl - wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associate...↗2015

▶

💬Community

Bugzilla

mariadb: various flaws [fedora-all]↗2016-01-25

▶

Bugzilla

community-mysql: various flaws [fedora-all]↗2016-01-25

▶

Bugzilla

mariadb-galera: various flaws [fedora-all]↗2016-01-25

▶

Bugzilla

CVE-2015-7744 yaSSL, wolfSSL: insufficient hardening of RSA-CRT implementation (Oracle MySQL CPU Jan 2016)↗2016-01-25

▶