CVE-2019-19962 (NVD)

2019-12-25

wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.

Products Wolfssl
Type Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
First patch - None (likely due to unavailable code)
Patches https://github.com/wolfSSL/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d
Links https://github.com/wolfSSL/wolfssl/releases/tag/v4.3.0-stable