Your submission was sent successfully! Close

CVE-2020-15309

Published: 21 August 2020

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).

Priority

Low

CVSS 3 base score: 7.0

Status

Package Release Status
wolfssl
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

groovy Not vulnerable
(4.5.0+dfsg-2)
hirsute Not vulnerable
(4.5.0+dfsg-2)
impish Not vulnerable
(4.5.0+dfsg-2)
jammy Not vulnerable
(4.5.0+dfsg-2)
precise Does not exist

trusty Does not exist

upstream
Released (v4.5.0-stable)
xenial Ignored
(end of standard support, was needed)