CVE-2021-24116

NameCVE-2021-24116
DescriptionIn wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs991663

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wolfssl (PTS)bookworm, sid, bullseye4.6.0-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wolfsslsource(unstable)(unfixed)991663

Notes

[bullseye] - wolfssl <no-dsa> (Minor issue)
https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable

Search for package or bug name: Reporting problems