6 matches found
CVE-2025-14505
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed in step 3.2 of RFC 6979, https://datatracker.ietf.org/doc/html/rfc6979) has leading zeros; the resulting signatures are susceptible to cryptanalysis, which can lead to secret key exposure. This...
Elliptic security vulnerability
Elliptic is a fast elliptic-curve cryptography library in JavaScript by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic 6.6.1 and earlier versions; it stems from a miscalculation of the k value in the ECDSA implementation and could lead to key disclosure...
K000156613: OpenSSL for PowerPC vulnerability CVE-2025-27587
Security Advisory Description: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API (the signing time correlates with the bit length of the nonce k), and then using the private key to extract the K value (nonce) from the signatures...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following security issues: - CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
Bouncy Castle JCE Provider Information Disclosure Vulnerability
Bouncy Castle JCE Provider is a Java cryptography package. A security vulnerability exists in DSA signature generation in Bouncy Castle JCE Provider 1.55 and earlier versions. An attacker can exploit this vulnerability to obtain information about the k value of a signature, and thus...
DEBIAN-CVE-2016-1000341
In the Bouncy Castle JCE Provider version 1.55 and earlier, DSA signature generation is vulnerable to a timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55 or earlier may allow an attacker to gain information about the signature's k...
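Every entry above ends the same way: information about the nonce k of an (EC)DSA signature becomes private-key disclosure. The block below is an added example, not code from any of these advisories nor from the elliptic, OpenSSL or Bouncy Castle projects. It implements a minimal ECDSA over NIST P-256 (domain parameters from the standard) with the RFC 6979 step 3.2 nonce derivation, a bits2int that handles a candidate k with leading zero bytes the way the RFC defines it (the width is the length of the byte string, not of the value), and the recovery d = (s*k - e) * r^-1 mod n that an attacker applies once k for a single signature is known. The private key, the message and all function names are constructed for the demo and are assumptions of this example.

```python
"""Added example, not code from the advisories above nor from the elliptic,
OpenSSL or Bouncy Castle projects: minimal ECDSA over NIST P-256 with an
RFC 6979 nonce, and the algebra that turns a leaked nonce k into the key."""
import hashlib
import hmac

# NIST P-256 domain parameters (FIPS 186-4 / SEC 2).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = N.bit_length()        # 256 bits
ROLEN = (QLEN + 7) // 8      # 32 bytes

def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication. Not constant time: this shows
    the algebra, not side-channel-safe signing (see the Minerva entry)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def bits2int(b):
    """RFC 6979 sec. 2.3.2: the leftmost qlen bits of the bit string b.
    The width is len(b)*8, so leading zero bytes are part of the string;
    shifting by the value's own bit length would yield a different k."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - QLEN) if blen > QLEN else v

def int2octets(x):
    return x.to_bytes(ROLEN, "big")

def bits2octets(b):
    return int2octets(bits2int(b) % N)

def rfc6979_nonce(d, h1):
    """Deterministic k per RFC 6979 sec. 3.2 with an HMAC-SHA256 DRBG."""
    V = b"\x01" * 32
    K = b"\x00" * 32
    K = hmac.new(K, V + b"\x00" + int2octets(d) + bits2octets(h1), "sha256").digest()
    V = hmac.new(K, V, "sha256").digest()
    K = hmac.new(K, V + b"\x01" + int2octets(d) + bits2octets(h1), "sha256").digest()
    V = hmac.new(K, V, "sha256").digest()
    while True:                      # step 3.2.h: generate, test, retry
        T = b""
        while len(T) < ROLEN:
            V = hmac.new(K, V, "sha256").digest()
            T += V
        k = bits2int(T)
        if 1 <= k < N:
            return k
        K = hmac.new(K, V + b"\x00", "sha256").digest()
        V = hmac.new(K, V, "sha256").digest()

def sign(d, msg):
    """ECDSA sign. Returns (r, s) plus k only so the demo can play the
    attacker who learned the nonce; a real API must never expose k."""
    h1 = hashlib.sha256(msg).digest()
    e = bits2int(h1) % N
    k = rfc6979_nonce(d, h1)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    return r, s, k

def verify(Q, msg, r, s):
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = bits2int(hashlib.sha256(msg).digest()) % N
    w = pow(s, -1, N)
    X = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, Q))
    return X is not None and X[0] % N == r

def recover_private_key(msg, r, s, k):
    """s = k^-1 (e + r d) mod n, hence d = (s k - e) r^-1 mod n:
    one signature plus its nonce yields the private key outright."""
    e = bits2int(hashlib.sha256(msg).digest()) % N
    return (s * k - e) * pow(r, -1, N) % N

# Constructed sample private key for the demo (not a real key).
DEMO_D = 0x3F1C8B2E77D4A6F09E5B1D2C4A8E6F7B9C0D1E2F3A4B5C6D7E8F9A0B1C2D3E4F
DEMO_Q = ec_mul(DEMO_D, G)

def demo(msg=b"constructed sample message"):
    r, s, k = sign(DEMO_D, msg)
    return {"verifies": verify(DEMO_Q, msg, r, s),
            "recovered_d": recover_private_key(msg, r, s, k),
            "deterministic": sign(DEMO_D, msg)[:2] == (r, s)}

if __name__ == "__main__":
    print(demo())
```

RFC 6979 Appendix A.2 publishes P-256/SHA-256 vectors that can be fed through `rfc6979_nonce` to validate the derivation. The timing entries on this page (Minerva, Bouncy Castle DSA without blinding) leak only partial information about k per signature, so the attacker collects many signatures and solves a hidden-number-problem lattice instead of applying the single-signature formula; the end result is the same private key.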