Lucene search
GitHub Advisory DatabaseGHSA-3494-CFWF-56HWHistoryApr 28, 2024 - 12:30 a.m.
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-2800:30:22
GitHub Advisory Database
github.com
7
mdanter/ecc
timing vulnerability
cryptographic side-channels
phpecc
paragonie/ecc
branch-based timing leak
composer package
github
matyas danter ecc library
hard-forked
paragon initiative enterprises
upstream code
vulnerability
software
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. (This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library.)
Paragon Initiative Enterprises hard-forked phpecc/phpecc and discovered the issue in the original code, then released v2.0.1 which fixes the vulnerability. The upstream code is no longer maintained and remains vulnerable for all versions.
Affected configurations
Node
mdantereccRange≤1.0.0
ORparagonieeccRange0≥
ORparagonieeccRange<2.0.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| mdanter/ecc | le | 1.0.0 | |
| paragonie/ecc | ge | 0 | |
| paragonie/ecc | lt | 2.0.1 |
References
Related
cve
cve
CVE-2024-33851
2024-04-27 22:15:08
vulnrichment
vulnrichment
CVE-2024-33851
2024-04-27 00:00:00
osv
osv
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-28 00:30:22
CVE-2024-33851
2024-04-27 22:15:08
nvd
nvd
CVE-2024-33851
2024-04-27 22:15:08
cvelist
cvelist
CVE-2024-33851
2024-04-27 00:00:00
friendsofphp
friendsofphp
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-24 12:02:00
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-24 12:02:00
veracode
veracode
Information Disclosure Through Timing Attack
2024-04-29 07:35:35