9 matches found
CVE-2025-3301
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to u...
PT-2025-18163 · Series 2 · Series 2
Name of the Vulnerable Software and Affected Versions: Series 2 modules and SoCs affected versions not specified Description: A lack of hardware and software support for DPA countermeasures in ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 may result in exposure of...
CVE-2025-24400
Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 both inclusive uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with...
PT-2024-6157 · Wolfssl +1 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.7.0 Description: An issue was discovered in wolfSSL that leads to ECDSA key disclosure via a safe-error attack using Rowhammer, known as FAULT+PROBE. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with...
SUSE CVE-2018-16395
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...
CVE-2022-42961
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...
DEBIAN-CVE-2022-42961
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...
Updated libcryptopp packages fix security vulnerability
The updated packages fix a security vulnerability: Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The iss...
[ASA-201912-3] crypto++: private key recovery
Arch Linux Security Advisory ASA-201912-3 ========================================= Severity: High Date : 2019-12-06 CVE-ID : CVE-2019-14318 Package : crypto++ Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-1046 Summary ======= The package crypto++ before versi...