CVE-2022-42961

{"id": "CVE-2022-42961", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-10-15T04:15:17.703", "references": [{"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)"}, {"lang": "es", "value": "Se ha detectado un problema en wolfSSL versiones anteriores a 5.5.0. Un ataque de inyecci\u00f3n de fallos en la RAM por medio de Rowhammer conlleva a una divulgaci\u00f3n de claves ECDSA. Los usuarios que llevan a cabo operaciones de firma con claves ECC privadas, como en las conexiones TLS del lado del servidor, podr\u00edan filtrar firmas ECC defectuosas. Estas firmas pueden ser procesadas por medio de una t\u00e9cnica avanzada de recuperaci\u00f3n de claves ECDSA. (En la versi\u00f3n 5.5.0 y posteriores, puede usarse WOLFSSL_CHECK_SIG_FAULTS para abordar la vulnerabilidad)"}], "lastModified": "2025-05-14T15:15:53.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "429B1D46-A7C6-4510-89E4-88222C933D0B", "versionEndExcluding": "5.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}