Software Development Kit
CVE-2015-5738
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
AnalysisAI
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. Affected products include: Marvell Software Development Kit, F5 Traffix Signaling Delivery Controller.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Software Development Kit
View allA Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
In wlan service, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS
In wlan service, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS
In wlan AP FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9
Remote privilege escalation in Android WLAN AP driver via packet injection.
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVS
In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS
In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today