8 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-1544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic...
Azure Linux 3.0 Security Update: mariadb (CVE-2024-1544)
The version of mariadb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1544 advisory. - Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular...
CBL Mariner 2.0 Security Update: mariadb (CVE-2024-1544)
The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1544 advisory. - Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular...
Slackware: Security Advisory (SSA:2024-253-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[slackware-security] netatalk
New netatalk packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/netatalk-3.2.8-i586-1slack15.0.txz: Upgraded. Bump bundled WolfSSL library to stable version 5.7.2, GitHub 1433. For more informatio...
Slackware Linux 15.0 / current netatalk Multiple Vulnerabilities (SSA:2024-253-01)
The version of netatalk installed on the remote host is prior to 3.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-253-01 advisory. New netatalk packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...
CVE-2024-1544 ECDSA nonce bias caused by truncation
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....
CVE-2024-1544
CVE-2024-1544 describes a bias in the ECDSA nonce generation when k is obtained as r mod n, where a control-flow dependent reduction leaks MSB bias in k. The issue can enable lattice-reduction based reconstruction of k for certain curves (e.g., SECP160R1 with about 15 bits of bias). The connected...