Description
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
Remediation
References
Related Vulnerabilities
Jboss EAP Configuration Vulnerability (CVE-2008-3519)
Oracle JRE CVE-2013-0425 Vulnerability (CVE-2013-0425)
Envoy Proxy CVE-2024-45807 Vulnerability (CVE-2024-45807)
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8098)