Back to search
CVE-2011-1945
Published: May 31, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2011:136
vendor-advisory
x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
x_refsource_CONFIRM
MDVSA-2011:137
vendor-advisory
x_refsource_MANDRIVA
DSA-2309
vendor-advisory
x_refsource_DEBIAN
http://support.apple.com/kb/HT5784
x_refsource_CONFIRM
APPLE-SA-2013-06-04-1
vendor-advisory
x_refsource_APPLE
openSUSE-SU-2011:0634
vendor-advisory
x_refsource_SUSE
VU#536044
third-party-advisory
x_refsource_CERT-VN
SUSE-SU-2011:0636
vendor-advisory
x_refsource_SUSE
44935
third-party-advisory
x_refsource_SECUNIA
http://eprint.iacr.org/2011/232.pdf
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now