33 matches found
CVE-2017-13097
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious case...
CVE-2017-13094
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most...
CVE-2017-13093
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases...
CVE-2017-13092
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...
CVE-2017-13096
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases,...
CVE-2017-13091
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in t...
Code injection
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases...
Design/Logic Flaw
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases,...
Design/Logic Flaw
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious case...
Code injection
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in t...
Code injection
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable...
Code injection
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most...
CVE-2017-13096
CVE-2017-13096 concerns the IEEE P1735 standard where the Rights Block (RSA-encrypted AES key) can be modified to remove or relax access control. The connected sources document a cryptographic design flaw that enables an attacker with access to EDA tools or to the standard’s workflow to alter rig...
CVE-2017-13091
CVE-2017-13091 concerns the IEEE P1735 standard’s handling of encryption for electronic-design IP. The issue arises from improperly specified padding in CBC mode, which can enable an EDA tool to function as a decryption oracle and, in the worst cases, allow recovery of the entire underlying plain...
CVE-2017-13097
CVE-2017-13097 refers to a weakness in the IEEE P1735 standard where an attacker can modify the Rights Block to remove or relax license requirements. The associated CERT/NVD entries describe this as part of a broader set of flaws in P1735 that can enable recovery of plaintext IP and insertion of ...
CVE-2017-13092
CVE-2017-13092 involves the IEEE P1735 standard and a flaw in hardware description language (HDL) syntax that can allow an electronic design automation (EDA) tool to act as a decryption oracle. The vulnerability enables recovery of plaintext IP from encrypted designs and may enable insertion of h...
CVE-2017-13092 The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...
CVE-2017-13093 The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of encrypted IP cyphertext to insert hardware trojans
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases...
CVE-2017-13094
The CVE-2017-13094 entry concerns flaws in the IEEE P1735 cryptographic workflow for encrypting electronic-design IP. The available documents describe that the standard enables manipulation of the encryption key and insertion of hardware trojans into IP, potentially allowing an attacker to recove...
CVE-2017-13095
CVE-2017-13095 is a vulnerability in the IEEE P1735 encryption workflow where an attacker can modify a license-deny response to a license grant (or vice versa) within the EDA/tooling workflow. The connected sources describe this as part of the P1735 weaknesses that can enable IP theft or the inse...