CVE-2016-7439

Published on: 12/13/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of wolfSSL contain the following vulnerability:

The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.

  • CVE-2016-7439 has been assigned by [email protected] to track the vulnerability. It is currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVSS2 Score: 2.1 - LOW

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

CVE References

  • wolfSSL 3.9.10 Vulnerability Fixes (Vendor Advisory; wolfssl.com, text/xml): CONFIRM wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
  • wolfSSL CVE-2016-7439 Local Information Disclosure Vulnerability (cve.report archive, text/html): BID 95050

Known Affected Configurations (CPE V2.3)

  • Type: Application
  • Vendor: Wolfssl
  • Product: Wolfssl
  • Version: All
  • Update: All
  • Edition: All
  • Language: All
  • cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*