CVE-2015-7744

moderate-risk

Published 2016-01-22

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

Do I need to act?

2.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (5)

Opensuse

Mariadb

Wolfssl

Leap

Opensuse

Affected Vendors

Mariadb Wolfssl Opensuse

References (18)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html

Release Notes http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html

Third Party Advisory http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Vendor Advisory http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Broken Link http://www.securitytracker.com/id/1034708

Exploit https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf

Exploit https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-f...

Vendor Advisory https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_...