CVE-2019-19962Improper Verification of Cryptographic Signature in Wolfssl

CWE-347Improper Verification of Cryptographic SignatureCWE-327Use of a Broken or Risky Cryptographic Algorithm5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 59.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WolfsslDebian Wolfssl
Timeline
PublishedDec 25
Latest updateMay 24

Description

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/wolfssl< wolfssl 4.3.0+dfsg-1 (bookworm)
NVDwolfssl/wolfssl< 4.3.0
Debianwolfssl/wolfssl< 4.3.0+dfsg-1+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-w5pp-v599-fpjp: wolfSSL before 42022-05-24
OSV
CVE-2019-19962: wolfSSL before 42019-12-25

📋Vendor Advisories

1
Debian
CVE-2019-19962: wolfssl - wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fa...2019

📄Research Papers

1
arXiv
JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms2020-04-04
CVE-2019-19962 — Wolfssl vulnerability | cvebase