KLA11524 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, perform cross-site scripting attack, obtain sensitive information, execute arbitrary code. Below is a...

golang: Elliptic curves carry propagation issue in x86-64 P-256

A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private keys when static ECDH was used...

openssl: ECDSA P-256 timing attack key recovery

A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys...

nettle: secp256 calculation bug

The ecc256modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...

DEBIAN-CVE-2011-4354

crypto/bn/bnnist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows...