23 matches found
EUVD-2020-9430
Malware in sbrugna...
EUVD-2020-27973
Malware in sbrugna...
EUVD-2022-28115
Malicious code in bioql PyPI...
An Efficient Hardware Implementation of Elliptic Curve Point Multiplication over $GF(2^M)$ on FPGA
Elliptic Curve Cryptography ECC is widely accepted for ensuring secure data exchange between resource-limited IoT devices. The National Institute of Standards and Technology NIST recommended implementation, such as B-163, is particularly well-suited for Internet of Things IoT applications. Here,...
Efficient Modular Multiplier over GF (2^M) for ECPM
Elliptic curve cryptography ECC has emerged as the dominant public-key protocol, with NIST standardizing parameters for binary field GF2^m ECC systems. This work presents a hardware implementation of a Hybrid Multiplication technique for modular multiplication over binary field GF2m, targeting NI...
CVE-2020-17478
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm...
Debian dla-3327 : libnss3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3327 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3327-1 [email protected]...
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...
Code injection
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario,...
CVE-2022-23004 Algorithm incorrectly returning error and Invalid unreduced value written to output buffer
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario,...
CVE-2022-23003 Shared secret or Point multiplication of NIST P-256 points with X coordinate of zero
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be...
PT-2022-15772 · Western Digital +1 · Sweet B Library +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when computing a shared secret or point multiplication on the NIST P-256 curve, resulting in an X coordinate of zero. The output is not...
NewStart CGSL MAIN 6.02 : nss Multiple Vulnerabilities (NS-SA-2021-0121)
The remote NewStart CGSL host, running version MAIN 6.02, has nss packages installed that are affected by multiple vulnerabilities: - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel...
Oracle Linux 8 : nss (ELSA-2021-0538)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0538 advisory. - CVE-2020-12403 chacha-poly issues - CVE-2020-12400 constant time ECC. - CVE-2020-6829 constant time ECC. Tenable has extracted the preceding...
Amazon Linux 2 : nspr, nss-softokn, nss-util, nss (ALAS-2020-1559)
The version of nspr installed on the remote host is prior to 4.25.0-2. The version of nss installed on the remote host is prior to 3.53.1-3. The version of nss-softokn installed on the remote host is prior to 3.53.1-6. The version of nss- util installed on the remote host is prior to 3.53.1-1. It...
CVE-2020-6829
CVE-2020-6829 is a vulnerability in NSS (Network Security Services) libraries (nss, nss-util, nss-softokn, nspr) where the wNAF scalar point multiplication during ECDSA signature generation leaks partial nonce information. This side-channel can enable an attacker with electromagnetic traces from ...
CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...
KLA11942 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, spoof user interface. Below is a complete list of...