Lucene search
GoogleOSV:CVE-2019-14318HistoryJul 30, 2019 - 5:15 p.m.
CVE-2019-14318
2019-07-3017:15:12
Google
osv.dev
4
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.
Related
prion
prion
Information disclosure
2019-07-30 17:15:00
Design/Logic Flaw
2023-08-22 19:16:00
nvd
nvd
CVE-2019-14318
2019-07-30 17:15:12
CVE-2022-48570
2023-08-22 19:16:32
veracode
veracode
Side Channel Attack
2023-10-11 05:20:52
debiancve
debiancve
CVE-2019-14318
2019-07-30 17:15:12
CVE-2022-48570
2023-08-22 19:16:32
nessus
nessus
openSUSE Security Update : libcryptopp (openSUSE-2019-1968)
2019-08-21 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0362)
2022-01-28 00:00:00
openSUSE: Security Advisory for libcryptopp (openSUSE-SU-2019:1968-1)
2019-08-21 00:00:00
cve
cve
CVE-2019-14318
2019-07-30 17:15:12
CVE-2022-48570
2023-08-22 19:16:32
archlinux
archlinux
[ASA-201912-3] crypto++: private key recovery
2019-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2019-14318
2019-07-30 00:00:00
CVE-2022-48570
2023-08-22 00:00:00
suse
suse
Security update for libcryptopp (moderate)
2019-08-20 00:00:00
mageia
mageia
Updated libcryptopp packages fix security vulnerability
2019-12-06 17:15:42
cvelist
cvelist
CVE-2019-14318
2019-07-30 16:26:56
CVE-2022-48570
2023-08-22 00:00:00
f5
f5
K000137107 : Crypto++ vulnerability CVE-2022-48570
2023-10-03 00:00:00
osv
osv
CVE-2022-48570
2023-08-22 19:16:32