Ján Jančár

**Nome do software vulnerável e versões afetadas** Especificações técnicas da UE para certificados digitais de COVID, versões anteriores à 1.1 **Descrição** O problema diz respeito ao gerenciamento inadequado de certificados, o que pode permitir que um certificado de chave pública não destinado à produção seja utilizado em ambiente de produção. **Recomendações** Para versões anteriores à 1.1, assegure o gerenciamento adequado de certificados para impedir o uso de certificados de chave pública não destinados à produção em ambientes de produção.

**Name of the Vulnerable Software and Affected Versions** wolfSSL and wolfCrypt versions 4.1.0 and earlier **Description** The issue allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. This occurs because the `dsa.c` file fixes two bits of the generated nonces, leading to biased DSA nonces. **Recommendations** For versions 4.1.0 and earlier, consider updating to a version that generates unbiased DSA nonces to prevent lattice attacks. As a temporary workaround, restrict the use of DSA signatures until a patch is available.

Name of the Vulnerable Software and Affected Versions: Botan versions prior to 2.9.0 Description: A side-channel issue was discovered that affects the ECC key generation process. An attacker capable of precisely measuring the time taken for key generation may be able to derive information about the high bits of the secret key. This is due to the use of an unblinded Montgomery ladder in the function to derive the public point from the secret scalar, whose loop iteration count depends on the bitlength of the secret. This issue only affects key generation and does not impact ECDSA signatures or ECDH key agreement. Recommendations: For versions prior to 2.9.0, update to version 2.9.0 or later to resolve the issue. As a temporary workaround, consider implementing timing-based mitigations to minimize the risk of exploitation.