simplito/elliptic-php is vulnerable to timing attack. The bit-length of the scalar is leaked during scalar multiplication on an elloptic curve, which can result in the recovery of the long-term private key generated by the library, due to inconsistent time during generation.
CPE | Name | Operator | Version |
---|---|---|---|
simplito/elliptic-php | le | 1.0.5 |