Astra Linux - уязвимость в openssl

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out-of-bound memory writes can cause the application to crash or even lead to remote code execution. However, in...

Low-level invalid GF(2^m) parameters lead to OOB memory access

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

OESA-2025-1352 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or...

AZL-78531 CVE-2024-9143 affecting package openssl-fips-provider 3.1.2-1

Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

Side Channel Attack

libcryptopp.so is vulnerable to Timing Attack. The vulnerability arises from non-constant time scalar multiplication in ecp.cpp prime field curves with small leakage and algebra.cpp binary field curves with large leakage. This leakage allows an attacker to measure the duration of hundreds to...

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

Information disclosure

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

DEBIAN-CVE-2011-1945

The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...