CVE-2023-6935

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Feb 9, 2024

Updated: Feb 11, 2024

CWE ID 203

Summary

CVE-2023-6935 introduces a vulnerability in the wolfSSL SP Math All RSA implementation, making it susceptible to the Marvin Attack. This issue arises when the option "--enable-all CFLAGS=-DWOLFSSL_STATIC_RSA" is used during build configuration. The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which are not recommended and have been disabled by default since wolfSSL 3.6.6. Consequently, the default build since that version is not vulnerable to the Marvin Attack. The vulnerability, specific to static RSA cipher suites, allows an attacker to decrypt ciphertexts and forge signatures through a large number of probing observations, but it does not expose the server's private key.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database