George Pantelakis

**Name of the Vulnerable Software and Affected Versions** openssl-3 (affected versions not specified) **Description** The issue concerns a timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture. Additionally, there is a missing null pointer check before accessing `handshake func` in `ssl lib.c`. This could potentially lead to security issues. There is also an issue with Disabling EMS in OpenSSL configuration, which prevents sshd from starting. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is `inverted ECDSA nonce value` is zero. This can happen with significant probability only for some of the supported elliptic curves, in particular the NIST P-521 curve. The severity of this vulnerability is Low. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ecdsa versions 0.18.0 and prior **Description** The ecdsa PyPI package, a pure Python implementation of ECC (Elliptic Curve Cryptography), is affected by a Minerva timing attack on the P-256 curve. This attack can leak the internal nonce when using the `ecdsa.SigningKey.sign digest()` API function, potentially allowing for private key discovery. The issue affects ECDSA signatures, key generation, and ECDH operations, but not ECDSA signature verification. **Recommendations** For versions 0.18.0 and prior, as a temporary workaround, consider restricting the use of the `ecdsa.SigningKey.sign digest()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GnuTLS (affected versions not specified) **Description** A flaw was found in GnuTLS, known as the Minerva attack, which is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the `GNUTLS PRIVKEY FLAG REPRODUCIBLE` flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.