CVE-2024-1543 — Observable Timing Discrepancy in Wolfssl

CWE-208 — Observable Timing Discrepancy CWE-203 — Observable Discrepancy5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 87.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azure Linux 3.0 ARM +3 more

Timeline

PublishedAug 29

Latest updateAug 30

Description

The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶debiandebian/wolfssl< wolfssl 5.6.6-1.2 (forky)

▶NVDwolfssl/wolfssl< 5.6.6

▶Debianwolfssl/wolfssl< 5.6.6-1.2+1

▶CVEListV5wolfssl/wolfssl5.6.5

▶msrcmsrc/azure_linux_3.0_arm

🔴Vulnerability Details

GHSA

GHSA-w782-gjg9-cjx6: The side-channel protected T-Table implementation in wolfSSL up to version 5↗2024-08-30

▶

OSV

CVE-2024-1543: The side-channel protected T-Table implementation in wolfSSL up to version 5↗2024-08-29

▶

📋Vendor Advisories

Microsoft

AES T-Table sub-cache-line leakage↗2024-08-13

▶

Debian

CVE-2024-1543: wolfssl - The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5...↗2024

▶