PT-2019-12036 · Unknown · Elliptic-Php

Sam Sanoop

Published

2019-11-18

Updated

2020-08-24

CVE-2019-10764

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions elliptic-php versions prior to 1.0.6

Description The issue allows for potential timing attacks, which under certain conditions, could lead to the practical recovery of the long-term private key generated by the library. This is due to the possible leakage of a bit-length of the scalar during scalar multiplication on an elliptic curve.

Recommendations For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue.

Exploit

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

CVE-2019-10764

GHSA-MR6R-82X4-F4JJ

SNYK-PHP-SIMPLITOELLIPTICPHP-534576

Affected Products

Elliptic-Php

PT-2019-12036 · Unknown · Elliptic-Php

CVE-2019-10764

Weakness Enumeration

Related Identifiers

Affected Products

References · 6