Lucene search

ECDH Private Key Disclosure

🗓️ 23 Aug 2019 01:35:44Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 20 Views

openpgp.js vulnerability ECDH Private Key disclosur

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Github Security Blog	Invalid Curve Attack in openpgp	23 Aug 201921:42	–	github
Cvelist	CVE-2019-9155	22 Aug 201915:48	–	cvelist
OSV	Invalid Curve Attack in openpgp	23 Aug 201921:42	–	osv
OSV	CVE-2019-9155	22 Aug 201916:15	–	osv
Prion	Design/Logic Flaw	22 Aug 201916:15	–	prion
Node.js	Invalid Curve Attack	6 Sep 201919:40	–	nodejs
CVE	CVE-2019-9155	22 Aug 201916:15	–	cve
NVD	CVE-2019-9155	22 Aug 201916:15	–	nvd

Vulners

Node

openpgp openpgpRange0.2.0–4.4.6js

Source	Link
github	www.github.com/openpgpjs/openpgpjs/releases/tag/v4.4.7
github	www.github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e
github	www.github.com/openpgpjs/openpgpjs/pull/853
packetstormsecurity	www.packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
github	www.github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0
sec-consult	www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
bsi	www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Aug 2019 01:44Current

2.7Low risk

Vulners AI Score2.7

CVSS24.3

CVSS35.9

EPSS0.00285