How severe is CVE-2024-5288?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-5288?

This is classified as CWE-922, which is a common weakness in software security.

CVE-2024-5288 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault occurs. The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery.

Related Vulnerabilities

CVE-2024-29965

MEDIUM

CVSS:5.9(Medium)

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local at...

CWE-9222024

CVE-2024-35526

MEDIUM

CVSS:5.9(Medium)

An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade directory.

CWE-9222024

CVE-2024-36788

MEDIUM

CVSS:5.9(Medium)

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router an...

CWE-9222024

CVE-2024-46635

MEDIUM

CVSS:5.9(Medium)

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter...

CWE-9222024

CVE-2023-52345

MEDIUM

CVSS:6.0(Medium)

In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed

CWE-9222023

CVE-2023-6253

MEDIUM

CVSS:6.0(Medium)

A saved encryption key in the Uninstaller in Digital Guardian's Agent before version 7.9.4 allows a local attacker to retrieve the uninstall key and remove the software by extracting the uninstaller k...

CWE-9222023