What is the severity of CVE-2023-6935?

CVE-2023-6935 has been classified as a high severity vulnerability due to its potential impact on RSA security.

How do I fix CVE-2023-6935?

To fix CVE-2023-6935, it is recommended to disable the WOLFSSL_STATIC_RSA option in your configuration.

What systems are affected by CVE-2023-6935?

CVE-2023-6935 affects wolfSSL versions between 3.12.2 and 5.6.4 that have been configured with the --enable-all option and WOLFSSL_STATIC_RSA defined.

What attack does CVE-2023-6935 relate to?

CVE-2023-6935 is related to the Marvin Attack, which is a new variation of a timing attack similar to the Bleichenbacher attack.

What is the impact of CVE-2023-6935?

The impact of CVE-2023-6935 includes potential unauthorized access or decryption of sensitive information using RSA keys.

Vulnerability/
CVE-2023-6935

medium

5.9

CWE

203

9/2/2024

7/11/2024

CVE-2023-6935: Marvin Attack vulnerability in SP Math All RSA

First published: Fri Feb 09 2024(Updated: )

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.

Credit: facts@wolfssl.com

Affected Software	Affected Version	How to fix
wolfSSL wolfMQTT	>=3.12.2<=5.6.4

Remedy

Upgrade wolfSSL to 5.6.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-6935?
CVE-2023-6935 has been classified as a high severity vulnerability due to its potential impact on RSA security.
How do I fix CVE-2023-6935?
To fix CVE-2023-6935, it is recommended to disable the WOLFSSL_STATIC_RSA option in your configuration.
What systems are affected by CVE-2023-6935?
CVE-2023-6935 affects wolfSSL versions between 3.12.2 and 5.6.4 that have been configured with the --enable-all option and WOLFSSL_STATIC_RSA defined.
What attack does CVE-2023-6935 relate to?
CVE-2023-6935 is related to the Marvin Attack, which is a new variation of a timing attack similar to the Bleichenbacher attack.
What is the impact of CVE-2023-6935?
The impact of CVE-2023-6935 includes potential unauthorized access or decryption of sensitive information using RSA keys.

agent/remedy
agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
vendor/wolfssl
canonical/wolfssl wolfmqtt
version/wolfssl wolfmqtt/3.12.2
version/wolfssl wolfmqtt/5.6.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.