
Cloud Vulnerability DB
A community-led vulnerabilities database
A fault injection vulnerability (CVE-2022-42961) was discovered in wolfSSL before version 5.5.0. The vulnerability involves a Rowhammer attack on RAM that can lead to ECDSA key disclosure. This vulnerability affects users performing signing operations with private ECC keys, such as those used in server-side TLS connections (NVD, wolfSSL Release).
The vulnerability is classified as a fault injection attack that specifically targets RAM through the Rowhammer technique. When users perform operations with private ECC keys, such as server-side TLS connections and creating ECC signatures, the attack can lead to the disclosure of ECDSA keys. The vulnerability is considered Low severity and affects systems that could be targeted with a sophisticated Rowhammer attack (wolfSSL Release).
The primary impact of this vulnerability is the potential disclosure of ECDSA private keys. This could compromise the security of TLS connections and digital signatures, particularly affecting server-side operations where private ECC keys are used for authentication and secure communication (NVD).
The vulnerability has been addressed in wolfSSL version 5.5.0. Users should update to this version or later and compile with the macro WOLFSSL_CHECK_SIG_FAULTS defined. This is particularly important for users who have hardware that could be targeted with a Rowhammer attack (wolfSSL Release).
Source: This report was generated using AI