
80 matches found

EUVD
added 2026/05/22 2:31 a.m. | 3 views

EUVD-2026-31396

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVSS 7.5 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 5
ATTACKERKB
added 2026/05/22 2:31 a.m. | 4 views

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 6
OSV
added 2026/04/27 6:33 p.m. | 3 views

JLSEC-2026-216 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with...

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

CVSS 5.3 | AI score 6.3 | EPSS 0.02801
Exploits: 0 | References: 37
Packet Storm News
added 2025/07/09 12:0 a.m. | 2 views

Approximating Euler Totient Function Using Linear Regression on RSA Moduli

The security of the RSA cryptosystem is based on the intractability of computing Euler's totient function φ(n) for large integers n. Although deriving φ(n) deterministically remains computationally infeasible for cryptographically relevant bit lengths, and machine learning presents a promising...

AI score 6.8
Exploits: 0
OSV
added 2025/03/21 1:20 p.m. | 2 views

OESA-2025-1326 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or...

CVSS 5.3 | AI score 7 | EPSS 0.00092
Exploits: 0 | References: 2
OSV
added 2024/06/17 3:55 p.m. | 3 views

CLSA-2024-1718639724 openssl: Fix of 2 CVEs

CVE-2023-5678: Fix that DH_check_pub_key and DH_generate_key don't check large modulus - CVE-2023-3446: Fix that checking excessively long DH keys or parameters may be very slow...

CVSS 5.3 | AI score 6.7 | EPSS 0.01027
Exploits: 0 | References: 1
Tenable Nessus
added 2024/06/07 12:0 a.m. | 18 views

OpenSSL 1.1.1 < 1.1.1e Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1e. It is, therefore, affected by a vulnerability as referenced in the 1.1.1e advisory. - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...

CVSS 5.3 | AI score 6.9 | EPSS 0.02801
Exploits: 0 | References: 4
OSV
added 2024/05/16 4:15 p.m. | 0 views

AZL-42058 CVE-2024-4603 affecting package nodejs for versions less than 20.14.0-1

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or EVP_PKEY_public_check to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

CVSS 5.3 | AI score 6.6 | EPSS 0.00092
Exploits: 0 | References: 1
Tenable Nessus
added 2024/03/22 12:0 a.m. | 33 views

Siemens SCALANCE, SIMATIC and RUGGEDCOM Products Command Injection (CVE-2022-0778)

The BN_mod_sqrt function in OpenSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve paramete...

CVSS 7.5 | AI score 6.6 | EPSS 0.06863
Exploits: 2 | References: 54
Github Security Blog
added 2023/09/01 8:51 p.m. | 40 views

tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli

Impact: The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...

AI score 6.7
Exploits: 0 | References: 5 | Affected Software: 1
SUSE CVE
added 2023/02/15 3:34 a.m. | 1 views

SUSE CVE-2022-0778

The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

CVSS 7.5 | AI score 6.1 | EPSS 0.06863
Exploits: 2 | References: 44
Broadcom
added 2022/09/27 12:0 a.m. | 4 views

CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Security Advisory ID: BSA-2022-1752 Component: OpenSSL Revision: 2.0 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. More information is at https://www.openssl.org/news/secadv/20220315.txt Affected Products Broca...

CVSS 7.5 | AI score 6.6 | EPSS 0.06863
Exploits: 2
Amazon
added 2022/04/27 12:0 a.m. | 1 views

Important: aws-nitro-enclaves-acm

Issue Overview: The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve...

CVSS 7.5 | AI score 6.7 | EPSS 0.06863
Exploits: 2
OSV
added 2022/03/30 11:3 a.m. | 1 views

OESA-2022-1603 openssl security update

Cryptography and SSL/TLS Toolkit. Security Fixes: The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed...

CVSS 7.5 | AI score 6.6 | EPSS 0.06863
Exploits: 2 | References: 2
OSV
added 2022/03/15 12:0 a.m. | 1 views

UBUNTU-CVE-2022-0778

The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

CVSS 7.5 | AI score 6.8 | EPSS 0.06863
Exploits: 2 | References: 7
CNNVD
added 2022/03/09 12:0 a.m. | 1 views

OpenSSL Security Vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. A denial of service vulnerability exists in OpenSSL due to an error in the BN_mod_sqrt function that calculates the square root of a...

CVSS 7.5 | AI score 8.3 | EPSS 0.06863
Exploits: 2 | References: 118
Tenable Nessus
added 2021/07/16 12:0 a.m. | 142 views

Amazon Linux 2 : openssl (ALAS-2021-1687)

The version of openssl installed on the remote host is prior to 1.0.2k-19. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1687 advisory. An integer overflow was found in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per...

CVSS 5.3 | AI score 7 | EPSS 0.02801
Exploits: 0 | References: 3
Fedora
added 2021/03/21 1:23 a.m. | 70 views

[SECURITY] Fedora 33 Update: roca-detect-1.2.12-15.fc33

This tool is related to the ACM CCS 2017 conference paper 124 Return of the Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli. https://crocs.fi.muni.cz/public/papers/rsaccs17 Install this to test public RSA keys for the presence of the vulnerability...

CVSS 5.9 | AI score 1.8 | EPSS 0.73437
Exploits: 0
OpenVAS
added 2021/03/21 12:0 a.m. | 21 views

Fedora: Security Advisory for roca-detect (FEDORA-2021-acd448b558)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.9 | AI score 5.9 | EPSS 0.73437
Exploits: 0 | References: 2
Tenable Nessus
added 2021/03/10 12:0 a.m. | 199 views

NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2021-0086)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggest...

CVSS 5.9 | AI score 6.8 | EPSS 0.02801
Exploits: 3 | References: 3