First published: Wed Jul 14 2021
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WolfSSL wolfssl | <4.6.0 | |
CVE-2021-24116 is a side-channel vulnerability in base64 PEM file decoding in wolfSSL through version 4.6.0.
Anyone using a wolfSSL version up to and including 4.6.0 is affected by CVE-2021-24116.
CVE-2021-24116 has a severity rating of 4.9, which is considered medium.
CVE-2021-24116 can be exploited by system-level attackers to obtain information about secret RSA keys through a controlled-channel and side-channel attack on software running in isolated environments.
To fix CVE-2021-24116, users should upgrade to a version of wolfSSL later than 4.6.0.
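For code reviewers checking their own PEM handling, the following added example (not wolfSSL's code or its patch) contrasts a table-driven base64 character decoder with a branch-free one. It assumes the leak is of the common kind where the decoder's memory accesses depend on the character being decoded, which this page does not spell out; all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Leaky pattern: the index is the secret character, so the cache line or
 * page touched by the load depends on the key material being decoded. */
static uint8_t lut[256];
static void lut_init(void) {
    static const char abc[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(lut, 0xFF, sizeof lut);                /* 0xFF marks invalid */
    for (unsigned i = 0; i < 64; i++) lut[(uint8_t)abc[i]] = (uint8_t)i;
}
static uint8_t lut_b64_value(uint8_t ch) { return lut[ch]; }

/* All-ones if lo <= c <= hi, else zero: no branch, no memory access. */
static uint32_t in_range(uint32_t c, uint32_t lo, uint32_t hi) {
    return (((c - lo) | (hi - c)) >> 31) - 1u;
}

/* Hardened pattern: identical instruction sequence for every input byte. */
static uint8_t ct_b64_value(uint8_t ch) {
    uint32_t c = ch, m, v = 0, ok = 0;
    m = in_range(c, 'A', 'Z'); v |= m & (c - 'A');      ok |= m;
    m = in_range(c, 'a', 'z'); v |= m & (c - 'a' + 26); ok |= m;
    m = in_range(c, '0', '9'); v |= m & (c - '0' + 52); ok |= m;
    m = in_range(c, '+', '+'); v |= m & 62u;            ok |= m;
    m = in_range(c, '/', '/'); v |= m & 63u;            ok |= m;
    return (uint8_t)(v | (~ok & 0xFFu));          /* 0xFF if not base64 */
}

/* Decode len chars (multiple of 4, '=' padding only at the end). Branches
 * depend only on length and padding, which follow from the public size. */
static long ct_b64_decode(const char *in, size_t len, uint8_t *out) {
    size_t pad = 0, n = 0;
    uint32_t bad = 0;
    if (len % 4) return -1;
    while (pad < 2 && pad < len && in[len - 1 - pad] == '=') pad++;
    for (size_t i = 0; i < len; i += 4) {
        uint32_t q = 0;
        for (size_t j = 0; j < 4; j++) {
            uint8_t d = i + j < len - pad ? ct_b64_value((uint8_t)in[i + j]) : 0;
            bad |= d >> 6;                        /* set only by 0xFF */
            q = (q << 6) | (d & 63u);
        }
        for (int k = 16; k >= 0 && n < len / 4 * 3 - pad; k -= 8)
            out[n++] = (uint8_t)(q >> k);
    }
    return bad ? -1 : (long)n;                    /* no early exit on error */
}
```

An optimizing compiler can turn mask arithmetic back into branches, so the generated assembly should be inspected for the target build.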