CVE-2024-33851

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library...

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

CVE-2024-33851

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library...

CVE-2024-33851

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library...

CVE-2024-33851

The CVE-2024-33851 issue concerns phpecc (paragonie/phpecc) and related libraries (mdanter/ecc, paragonie/ecc). The root cause is a branch-based timing leak in Point addition, causing a timing side-channel that can reveal sensitive information. Affected software includes phpecc/phpecc (and all ve...

CVE-2024-33851

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library...

PT-2024-25510 · Phpecc +1 · Phpecc +2

Name of the Vulnerable Software and Affected Versions: phpecc versions prior to 2.0.1 paragonie/ecc versions prior to 2.0.1 mdanter/ecc all versions Description: The issue is a branch-based timing leak in Point addition. This leak is related to the phpecc/phpecc library on GitHub and the Matyas...

CVE-2024-33851

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library...

phpecc 安全漏洞

phpecc is a pure PHP elliptic curve cryptography library open-sourced by Paragon Initiative Enterprises. A security vulnerability exists in phpecc versions prior to 2.0.1, which stems from a branch-based timing leak in Point addition...

Malleable ECDSA Signature Attacks

PHPECC is vulnerable to malleable ECDSA signature attacks. The vulnerability is caused due to ECDSA signatures not being canonicalized, allowing for multiple valid representations of the same signature...

GHSA-346H-749J-R28W PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...