PT-2019-12036 · Unknown · Elliptic-Php

Sam Sanoop

Publicado

2019-11-18

Atualizado

2020-08-24

CVE-2019-10764

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions elliptic-php versions prior to 1.0.6

Description The issue allows for potential timing attacks, which under certain conditions, could lead to the practical recovery of the long-term private key generated by the library. This is due to the possible leakage of a bit-length of the scalar during scalar multiplication on an elliptic curve.

Recommendations For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue.

Exploit

Correção

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203

Identificadores relacionados

CVE-2019-10764

GHSA-MR6R-82X4-F4JJ

SNYK-PHP-SIMPLITOELLIPTICPHP-534576

Produtos afetados

Elliptic-Php

PT-2019-12036 · Unknown · Elliptic-Php

CVE-2019-10764

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6