CVE-2021-24116

MEDIUM

Wolfssl < 4.6.0 - Information Disclosure

Title source: rule

Description

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

References (2)

[Release Notes, Third Party Advisory] https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md

View Writeup ZIP pw:eip

[Release Notes, Third Party Advisory] https://github.com/wolfSSL/wolfssl/releases

Scores

CVSS v3 4.9

EPSS 0.0025

EPSS Percentile 48.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-203

Status published

Products (1)

wolfssl/wolfssl < 4.6.0

Published Jul 14, 2021

Tracked Since Feb 18, 2026