CVE-2021-24116
First published: Wed Jul 14 2021(Updated: )
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WolfSSL wolfssl | <4.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24116?
CVE-2021-24116 is a side-channel vulnerability in base64 PEM file decoding in wolfSSL through version 4.6.0.
Who is affected by CVE-2021-24116?
Anyone using wolfSSL version up to and including 4.6.0 is affected by CVE-2021-24116.
What is the severity of CVE-2021-24116?
CVE-2021-24116 has a severity rating of 4.9, which is considered medium.
How can CVE-2021-24116 be exploited?
CVE-2021-24116 can be exploited by system-level attackers to obtain information about secret RSA keys through a controlled-channel and side-channel attack on software running in isolated environments.
How can I fix CVE-2021-24116?
To fix CVE-2021-24116, users should upgrade to a version of wolfSSL that is above 4.6.0.
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wolfssl
- canonical/wolfssl wolfssl