Lucene search
+L

8 matches found

osv
osv
added 2026/03/19 8:16 p.m.5 views

UBUNTU-CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

4.7CVSS5.8AI score0.00128EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/03/19 8:16 p.m.10 views

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

4.7CVSS5.9AI score0.00128EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/03/19 7:46 p.m.6 views

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

4.7CVSS5.8AI score0.00128EPSS
Exploits0
veracode
veracode
added 2018/11/26 2:50 a.m.48 views

Timing Attack

openssl is vulnerable to Timing Attack. An attacker with access to mount a local timing attack during the ECDSA signature generation is able to exploit the vulnerability in the ECC scalar mmultiplication to recover the private key...

4.7CVSS5.6AI score0.03418EPSS
Exploits4References31Affected Software21
openvas
openvas
added 2018/11/22 12:0 a.m.87 views

OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) - Windows

OpenSSL is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

4.7CVSS6AI score0.03418EPSS
Exploits4References8
openvas
openvas
added 2018/11/22 12:0 a.m.121 views

OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) - Linux

OpenSSL is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

4.7CVSS6AI score0.03418EPSS
Exploits4References8
freebsd
freebsd
added 2018/11/12 12:0 a.m.460 views

OpenSSL -- timing vulnerability

The OpenSSL project reports: Microarchitecture timing vulnerability in ECC scalar multiplication. Severity: Low OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to...

4.7CVSS2.1AI score0.03418EPSS
Exploits4References1
openssl
openssl
added 2018/11/02 12:0 a.m.78 views

Vulnerability in OpenSSL - Microarchitecture timing vulnerability in ECC scalar multiplication

OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. Found by Alejandro...

5.6AI score0.03418EPSS
Exploits4Affected Software1
Rows per page
Query Builder