10 matches found

Broadcom
added 2026/01/27 12:0 a.m. | 15 views

Low-level invalid GF(2^m) parameters lead to OOB memory access

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3 | AI score 7.3 | EPSS 0.05966
Exploits: 0
OSV
added 2025/04/03 12:53 p.m. | 4 views

OESA-2025-1352 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or...

CVSS 4.3 | AI score 7.4 | EPSS 0.05966
Exploits: 0 | References: 2
AstraLinux
added 2025/02/11 7:35 a.m. | 4 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out-of-bound memory writes can cause the application to crash or even lead to remote code execution. However, in...

CVSS 4.3 | AI score 7.2 | EPSS 0.05966
Exploits: 0 | References: 3
OSV
added 2024/10/16 5:15 p.m. | 7 views

AZL-78531 CVE-2024-9143 affecting package openssl-fips-provider 3.1.2-1

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3 | AI score 6.6 | EPSS 0.05966
Exploits: 0 | References: 1
Veracode
added 2023/10/11 5:20 a.m. | 19 views

Side Channel Attack

libcryptopp.so is vulnerable to Timing Attack. The vulnerability arises from non-constant time scalar multiplication in ecp.cpp (prime field curves with small leakage) and algebra.cpp (binary field curves with large leakage). This leakage allows an attacker to measure the duration of hundreds to...

CVSS 5.9 | AI score 6.8 | EPSS 0.03245
Exploits: 1 | References: 10 | Affected Software: 1
NVD
added 2019/07/30 5:15 p.m. | 21 views

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVSS 5.9 | AI score 6.3 | EPSS 0.03245
Exploits: 1 | References: 6
Prion
added 2019/07/30 5:15 p.m. | 22 views

Information disclosure

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVSS 4.3 | AI score 5.7 | EPSS 0.03245
Exploits: 1 | References: 6 | Affected Software: 1
UbuntuCve
added 2019/07/30 5:15 p.m. | 20 views

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVSS 5.9 | AI score 6.6 | EPSS 0.03245
Exploits: 1 | References: 4
Debian CVE
added 2019/07/30 4:26 p.m. | 23 views

CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

CVSS 5.9 | AI score 5.9 | EPSS 0.03245
Exploits: 1
OSV
added 2011/05/31 8:55 p.m. | 3 views

DEBIAN-CVE-2011-1945

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...

CVSS 2.6 | AI score 7.6 | EPSS 0.0343
Exploits: 1 | References: 1