15 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-13628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable- sp-math contain a timing side channel in ECDSA signatu...
CVE-2024-22473
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...
Medium: openssl-snapsafe
Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...
Information Disclosure
Elliptic is vulnerable to Information Disclosure. The vulnerability is due to inadequate input validation in the ECDSA signing process. Specifically, the system accepts malformed inputs like strings or numbers without proper checks, which allows an attacker to craft input that can lead to the...
SUSE CVE-2024-13176
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...
CVE-2024-22473
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0...
PT-2024-19442 · Gecko Sdk · Gecko Sdk
Name of the Vulnerable Software and Affected Versions: Gecko SDK versions through 4.4.0 Description: The issue arises from the use of a True Random Number Generator TRNG before its initialization by the ECDSA signing driver when exiting low-power modes EM2/EM3 on Virtual Secure Vault VSE devices...
SUSE CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
nss: Side channel attack on ECDSA signature generation
A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDS...
jsrsasign
This is an open-source JavaScript library called jsrsasign, which provides cryptographic functions for RSA/RSAPSS/ECDSA/DSA signing and validation, ASN.1, PKCS1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, and CAdES. The library is available on Node.js and...
ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
UBUNTU-CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3840-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3840-1 advisory. Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a...
Ubuntu: Security Advisory (USN-3840-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3840-1 openssl, openssl1.0 vulnerabilities
Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. CVE-2018-0734 Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly...