PT-2024-25510 · Phpecc+1 · Phpecc+2
Published 2024-04-27 · Updated 2024-11-04 · CVE-2024-33851
CVSS v4.0: 5.3 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
phpecc versions prior to 2.0.1
paragonie/ecc versions prior to 2.0.1
mdanter/ecc all versions
Description
The issue is a branch-based timing leak in point addition: the control flow of the addition routine depends on the values of its operands, so the time it takes can reveal information about data that should stay secret. The leak was found in the phpecc/phpecc library on GitHub and is also present in the Matyas Danter ECC library (mdanter/ecc). The mdanter/ecc upstream code is no longer maintained, so all of its versions remain vulnerable.
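To make the bug class concrete, the following is an added illustration and not code from phpecc, paragonie/ecc or mdanter/ecc: a textbook affine point addition whose special cases (point at infinity, P == Q, P == -Q) are handled with operand-dependent branches, next to a rewrite that computes every candidate result unconditionally and picks one with a mask. The curve y^2 = x^3 + x + 1 over F_23 is a constructed toy curve; CPython big-int arithmetic is itself not constant-time, so what the example demonstrates is the control-flow pattern a reviewer looks for, not a production-grade implementation.

```python
# Added example (not the library's code): branchy vs branch-free affine point
# addition on a constructed toy curve y^2 = x^3 + A*x + 1 over F_23.
P_MOD = 23
A = 1
INF = (0, 0, 1)  # points are (x, y, is_infinity)

def inv(v):
    # Fermat inverse; pow(0, p-2, p) returns 0 instead of raising, so callers
    # can call it unconditionally without a "division by zero" branch
    return pow(v % P_MOD, P_MOD - 2, P_MOD)

def add_branchy(p, q):
    """Textbook addition: the path taken depends on the (possibly secret) operands."""
    x1, y1, i1 = p
    x2, y2, i2 = q
    if i1:
        return q
    if i2:
        return p
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:                      # P == -Q, or 2*(x, 0)
            return INF
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD  # doubling slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD         # general-addition slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3, 0)

def ct_nonzero(v):
    """1 if v != 0 else 0, derived from the sign of (v | -v) rather than a comparison."""
    return ((v | -v) >> 63) & 1

def ct_select(flag, a, b):
    """flag ? a : b for non-negative ints, using an all-ones/all-zeros mask."""
    mask = -flag                  # flag=1 -> -1 (all ones), flag=0 -> 0
    return (a & mask) | (b & ~mask)

def add_ct(p, q):
    """Same result as add_branchy, with no operand-dependent branches."""
    x1, y1, i1 = p
    x2, y2, i2 = q
    dx = (x2 - x1) % P_MOD
    dy = (y2 - y1) % P_MOD
    same_x = 1 - ct_nonzero(dx)
    same_y = 1 - ct_nonzero(dy)
    y1_zero = 1 - ct_nonzero(y1)
    is_dbl = same_x & same_y                           # P == Q
    to_inf = same_x & ((1 - same_y) | y1_zero)         # P == -Q, or 2*(x, 0)
    # both slopes are computed every time; the unused one is discarded by the mask
    lam_add = dy * inv(dx) % P_MOD
    lam_dbl = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    lam = ct_select(is_dbl, lam_dbl, lam_add)
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    x3, y3, i3 = ct_select(to_inf, 0, x3), ct_select(to_inf, 0, y3), to_inf
    # infinity inputs: select the other operand with masks instead of early returns
    x3, y3, i3 = ct_select(i2, x1, x3), ct_select(i2, y1, y3), ct_select(i2, i1, i3)
    x3, y3, i3 = ct_select(i1, x2, x3), ct_select(i1, y2, y3), ct_select(i1, i2, i3)
    return (x3, y3, i3)

def all_points():
    """Every affine point of the toy curve plus the point at infinity."""
    pts = [(x, y, 0) for x in range(P_MOD) for y in range(P_MOD)
           if (y * y - (x * x * x + A * x + 1)) % P_MOD == 0]
    return pts + [INF]

def check_agreement():
    """True if both routines agree on every pair of points, special cases included."""
    pts = all_points()
    return all(add_branchy(p, q) == add_ct(p, q) for p in pts for q in pts)

if __name__ == "__main__":
    G = (3, 10, 0)
    print("2G =", add_ct(G, G), "3G =", add_ct(G, add_ct(G, G)))
    print("branchy and branch-free agree on all pairs:", check_agreement())
```

The review question this pattern answers is not "is the result right" (both routines agree on all 784 pairs of the toy group) but "does the sequence of operations depend on the inputs"; a fix for a leak of this kind typically replaces the early returns and the `if x1 == x2` family of branches with exactly this compute-everything-then-select structure.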
Recommendations
For phpecc versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.
For paragonie/ecc versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.
For mdanter/ecc, since all versions are affected and no fix is available, consider using an alternative library until a fix is released. As a temporary workaround, consider restricting the use of the Point addition function to minimize the risk of exploitation.
Affected Products
Mdanter/Ecc
Paragonie/Ecc
Phpecc