CVE-2021-24116
MEDIUMwolfssl < 4.6.0 - Side-Channel Information Disclosure via Base64 PEM Decoding
Title source: llmDescription
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/wolfSSL/wolfssl/releases
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
Scores
CVSS v3
4.9
EPSS
0.0104
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-203
Status
published
Products (1)
wolfssl/wolfssl
< 4.6.0
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026