QwikSec

Security Database

CVE

CWE

Training

CVE-2019-14318

Published: Jul 30, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://eprint.iacr.org/2011/232.pdf

x_refsource_MISC

https://tches.iacr.org/index.php/TCHES/article/view/7337

x_refsource_MISC

https://github.com/weidai11/cryptopp/issues/869

x_refsource_MISC

openSUSE-SU-2019:1968

vendor-advisory

x_refsource_SUSE

[oss-security] 20191002 Minerva: ECDSA key recovery from bit-length leakage

mailing-list

x_refsource_MLIST

https://minerva.crocs.fi.muni.cz/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.