OSV:GHSA-3494-CFWF-56HW
Apr 28, 2024 - 12:30 a.m.

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

2024-04-28 00:30:22
Google (osv.dev)
Tags: mdanter/ecc, timing vulnerability, cryptographic side-channels, paragonie/ecc, php, composer package

AI Score: 6.5
Confidence: High
EPSS: 0
Percentile: 9.0%

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. (This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library.)

Paragon Initiative Enterprises hard-forked phpecc/phpecc, discovered the issue in the original code, and released v2.0.1, which fixes the vulnerability. The upstream code is no longer maintained, and all of its versions remain vulnerable.
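
A lock-file check for the affected ranges stated above, as an added example that is not part of the advisory or of either project: it reads a composer.lock document and reports mdanter/ecc at any version and paragonie/ecc below 2.0.1. The sample lock content is constructed, and reporting unorderable versions (branch aliases such as dev-main) for manual review is an assumption of this example.

```python
import json
import re

# Affected ranges as stated in the advisory text above.
ALWAYS_AFFECTED = {"mdanter/ecc"}          # all versions, no upstream fix
FIXED_IN = {"paragonie/ecc": (2, 0, 1)}    # affected before 2.0.1


def parse_version(raw):
    """Return (major, minor, patch) for a plain tagged release, or None for
    anything that cannot be ordered safely (branch aliases, pre-releases)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def audit_lock(lock_text):
    """Return (package, version, verdict) for each phpecc package found in
    the 'packages' and 'packages-dev' sections of a composer.lock document."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            version = pkg.get("version", "")
            if name in ALWAYS_AFFECTED:
                findings.append((name, version, "affected"))
            elif name in FIXED_IN:
                parsed = parse_version(version)
                if parsed is None:
                    verdict = "review"      # cannot order; check by hand
                elif parsed < FIXED_IN[name]:
                    verdict = "affected"
                else:
                    verdict = "fixed"
                findings.append((name, version, verdict))
    return findings


# Constructed sample lock file (not taken from any real project).
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "mdanter/ecc", "version": "v1.0.0"},
                 {"name": "vendor/unrelated", "version": "3.1.4"}],
    "packages-dev": [{"name": "paragonie/ecc", "version": "v2.0.0"}],
})

if __name__ == "__main__":
    for name, version, verdict in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {verdict}")
```

Because mdanter/ecc has no fixed release, an "affected" verdict for it means replacing the dependency with paragonie/ecc 2.0.1 or later rather than upgrading in place.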
