Home

CVE-2015-7744

Description

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
2.661

Associated Vulnerability

VulnerabilityOS Platform
Update MariaDB to 10.0.22Windows
Update MariaDB to 10.1.9Windows
Update MariaDB to 5.5.46Windows
Multiple vulnerabilities affected in Mysql 5.6.21Windows
Multiple vulnerabilities affected in Mysql 5.6.22Windows
Multiple vulnerabilities affected in Mysql 5.6.23Windows
Multiple vulnerabilities affected in Mysql 5.6.24Windows
Multiple vulnerabilities affected in Mysql 5.6.25Windows
Multiple vulnerabilities affected in Mysql 5.6.26Windows
Multiple vulnerabilities affected in Mysql 5.6.35Windows
Multiple vulnerabilities affected in Mysql 5.6.9Windows
Vulnerabilities CVE-2013-5908,CVE-2014-2431,CVE-2015-7744 are affected in Mysql 2.6Windows
SUSE-SU-2016:0348-1(SUSE Linux Enterprise Desktop 11-SP3 ) libmysql55client18-5.5.47-0.17.1.x86_64.rpmLinux
SUSE-SU-2016:0348-1(SUSE Linux Enterprise Desktop 11-SP3 ) libmysql55client18-32bit-5.5.47-0.17.1.x86_64.rpmLinux
SUSE-SU-2016:0348-1(SUSE Linux Enterprise Desktop 11-SP3 ) libmysql55client_r18-5.5.47-0.17.1.x86_64.rpmLinux
SUSE-SU-2016:0348-1(SUSE Linux Enterprise Desktop 11-SP3 ) libmysql55client_r18-32bit-5.5.47-0.17.1.x86_64.rpmLinux
SUSE-SU-2016:0348-1(SUSE Linux Enterprise Desktop 11-SP3 ) mysql-5.5.47-0.17.1.x86_64.rpmLinux
SUSE-SU-2016:0348-1(SUSE Linux Enterprise Desktop 11-SP3 ) mysql-client-5.5.47-0.17.1.x86_64.rpmLinux
SUSE-SU-2016:0348-1(SUSE Linux Enterprise Server 11-SP3 ) mysql-tools-5.5.47-0.17.1.x86_64.rpmLinux
Update MariaDB to 10.0.22 (For Linux)Linux
Update MariaDB to 10.1.9 (For Linux)Linux
Update MariaDB to 5.5.46 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.21 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.22 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.23 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.24 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.25 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.26 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.35 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.9 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234