Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-6935

Published: 09/02/2024 Updated: 11/02/2024

Vulnerability Summary

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an malicious user to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.

Vendor Advisories

Debian CVElist Bug Report Logs: wolfssl: CVE-2023-6935 CVE-2023-6936 CVE-2023-6937
Debian Bug report logs - #1059357 wolfssl: CVE-2023-6935 CVE-2023-6936 CVE-2023-6937 Package: src:wolfssl; Maintainer for src:wolfssl is Jacob Barthelmeh <sirkilamole@msncom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Dec 2023 12:51:01 UTC Severity: important Tags: security, upstream Found ...

Github Repositories

https://github.com/wolfSSL/Arduino-wolfSSL

This repository is a restructured copy of https://github.com/wolfSSL/wolfssl/ for the Arduino environment. Any Pull Requests for code changes should be opened there.

Arduino wolfSSL Library The library is modified from wolfSSL Release 566 for the Arduino platform wolfSSL Embedded SSL/TLS Library The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set It is com

https://github.com/wolfSSL/wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!

wolfSSL Embedded SSL/TLS Library The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set It is commonly used in standard operating environments as well because of its royalty-free pricing and excelle

References

https://people.redhat.com/~hkario/marvin/https://www.wolfssl.com/docs/security-vulnerabilities/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059357https://nvd.nist.govhttps://github.com/wolfSSL/Arduino-wolfSSL
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camerabypassCVE-2024-3592CVE-2024-37383CVE-2024-24919CVE-2024-27822CVE-2024-36788CVE-2024-36789man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook