mdanter/ecc is vulnerable to Sensitive Information Disclosure. The vulnerability is due to computing point addition in a non constant time, which allows an attacker to deduce the private key by comparing the time it takes to compute each point addition.
CPE | Name | Operator | Version |
---|---|---|---|
paragonie/ecc | eq | v2.0.0 | |
mdanter/ecc | le | 7.3.x-dev | |
paragonie/ecc | eq | v2.0.0 | |
mdanter/ecc | le | 7.3.x-dev |