PatchSiren

Wolfssl CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Wolfssl CVE published 2017-02-24

CVE-2017-6076

CVE-2017-6076 affects wolfSSL versions before 3.10.2. According to the published advisory text, the fp_mul_comba function can make it easier for a malicious user with access to view cache on a machine to extract RSA key information. The issue was published on 2017-02-24 and later NVD metadata confirms the fixed boundary at 3.10.2.