Back to search
CVE-2019-10764
Published: Nov 18, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.
| Vendor | Product | Versions |
|---|---|---|
n/a | simplito/elliptic-php | affected All versions prior to version 2.5 |
References
https://minerva.crocs.fi.muni.cz/
x_refsource_MISC
https://snyk.io/vuln/SNYK-PHP-SIMPLITOELLIPTICPHP-534576
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now