3242 matches found
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
GHSA-3W84-4MJC-RJW7 IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
Mailman Core vulnerable to timing attacks
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...
PYSEC-2023-22
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...
CVE-2021-34337
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...
UBUNTU-CVE-2021-34337
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...
GNU Mailman Security Vulnerability
GNU Mailman is a free suite of software for managing e-mail discussions and e-mail lists from the GNU community in the United States. The software integrates with web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding...
CVE-2021-34337
Affected software: Mailman Core before 3.3.5. Vulnerability: REST API timing attack could allow an attacker with local access to deduce the configured REST API password and then perform arbitrary REST API calls. The REST API is bound to localhost by default, but can be configured to listen on oth...
GitHub Security Lab: [Python]: Timing attack
Vulnerability description not provided...
Timing Attack
github.com/hashicorp/vault is vulnerable to timing attacks. The vulnerability exists in the mult and div functions of shamir.go because they are not implemented in constant time, which allows an attacker to observe a large number of unseal operations on the host...
HashiCorp Vault Security Vulnerability
HashiCorp Vault is a private key access management tool from the US-based HashiCorp. HashiCorp Vault suffers from a security vulnerability that stems from vulnerability to a cache timing attack, where an attacker who is able to observe a large number of unblocking operations on a host through a...
openssl security and bug fix update
An update is available for openssl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transpo...
RLSA-2023:0946 Important: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: read buffer overflow in...
Rocky Linux 9 : openssl (RLSA-2023:0946)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0946 advisory. - A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after...
openssl security update
An update is available for openssl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transpo...
RLSA-2023:1405 Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: timing attack in RSA...
AlmaLinux 8 : openssl (ALSA-2023:1405)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: timing attack in RSA...
ALSA-2023:1405 Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: timing attack in RSA...