DEBIAN-CVE-2022-42961

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-42961
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-42961.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-42961
Upstream
Published
2022-10-15T04:15:17Z
Modified
2025-09-19T07:32:28.980823Z
Summary
[none]
Details

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSLCHECKSIG_FAULTS can be used to address the vulnerability.)

References

Affected packages

Debian:11 / wolfssl

Package

Name
wolfssl
Purl
pkg:deb/debian/wolfssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.0+p1-0+deb11u2

Affected versions

4.*

4.6.0-3
4.6.0+p1-0+deb11u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / wolfssl

Package

Name
wolfssl
Purl
pkg:deb/debian/wolfssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.5.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / wolfssl

Package

Name
wolfssl
Purl
pkg:deb/debian/wolfssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.5.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / wolfssl

Package

Name
wolfssl
Purl
pkg:deb/debian/wolfssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.5.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}