PT-2019-13454 · Wolfssl

Keegan Ryan · Published 2019-10-03 · Updated 2022-05-24 · CVE-2019-13628

CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: wolfSSL and wolfCrypt versions 4.0.0 and earlier

Description: The issue is a timing side channel in ECDSA signature generation that allows a local attacker to infer information about the nonces used and potentially recover the private key. It occurs because the scalar multiplication in ecc.c might leak the bit length of the scalar (the per-signature nonce), which is enough to enable a lattice attack. The attacker must be able to precisely measure the duration of signature operations.

Recommendations: For wolfSSL and wolfCrypt versions 4.0.0 and earlier, consider configuring with --enable-fpecc, --enable-sp, or --enable-sp-math to mitigate the issue. As a temporary workaround, restrict access to the ecc.c scalar multiplication function to minimize the risk of exploitation.

Tags: Fix, Side Channel Attack

Related Identifiers

CVE-2019-13628
GHSA-Q95H-VC86-HV77

Affected Products

Wolfcrypt
Wolfssl