Lucene search
Veracode Vulnerability DatabaseVERACODE:46670HistoryApr 29, 2024 - 7:35 a.m.
Information Disclosure Through Timing Attack
2024-04-2907:35:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
information disclosure
timing attack
point addition
non constant time
private key
software
mdanter/ecc is vulnerable to Sensitive Information Disclosure. The vulnerability is due to computing point addition in a non constant time, which allows an attacker to deduce the private key by comparing the time it takes to compute each point addition.
| CPE | Name | Operator | Version |
|---|---|---|---|
| paragonie/ecc | eq | v2.0.0 | |
| mdanter/ecc | le | 7.3.x-dev | |
| paragonie/ecc | eq | v2.0.0 | |
| mdanter/ecc | le | 7.3.x-dev |
Related
cve
cve
CVE-2024-33851
2024-04-27 22:15:08
vulnrichment
vulnrichment
CVE-2024-33851
2024-04-27 00:00:00
osv
osv
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-28 00:30:22
CVE-2024-33851
2024-04-27 22:15:08
nvd
nvd
CVE-2024-33851
2024-04-27 22:15:08
github
github
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-28 00:30:22
cvelist
cvelist
CVE-2024-33851
2024-04-27 00:00:00
friendsofphp
friendsofphp
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-24 12:02:00
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
2024-04-24 12:02:00