Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
383
VMScore

CVE-2019-14318

Published: 30/07/2019 Updated: 20/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Cryptopp

Vulnerability Summary

Crypto++ 8.3.0 and previous versions contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cryptopp crypto\\+\\+

Vendor Advisories

Debian CVElist Bug Report Logs: libcrypto++: CVE-2022-48570
Debian Bug report logs - #1059309 libcrypto++: CVE-2022-48570 Package: src:libcrypto++; Maintainer for src:libcrypto++ is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 22 Dec 2023 13:39:04 UTC Severity: important Tags: security, upstream Reply or subscrib ...
Debian CVElist Bug Report Logs: libcrypto++: CVE-2019-14318
Debian Bug report logs - #934326 libcrypto++: CVE-2019-14318 Package: src:libcrypto++; Maintainer for src:libcrypto++ is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 9 Aug 2019 19:15:02 UTC Severity: important Tags: security, upstream Found in versions ...
Arch Linux Issues:
A vulnerability has been found in the ECDSA/EdDSA implementation of crypto++ up to 820, allowing for practical recovery of the long-term private key ...

Github Repositories

https://github.com/crocs-muni/ECTester

Tests support and behavior of elliptic curve cryptography implementations on JavaCards (TYPE_EC_FP and TYPE_EC_F2M) and in selected software libraries.

ECTester is a tool for testing and analysis of elliptic curve cryptography implementations on JavaCards and in cryptographic libraries It consists of four separate parts: The ECTester applet, a JavaCard applet that provides the testing interface The ECTesterReader app, a reader app that works with the applet The ECTesterStandalone app, which works with software libraries Jupy

References

CWE-417https://tches.iacr.org/index.php/TCHES/article/view/7337https://eprint.iacr.org/2011/232.pdfhttps://github.com/weidai11/cryptopp/issues/869http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00066.htmlhttp://www.openwall.com/lists/oss-security/2019/10/02/2https://minerva.crocs.fi.muni.cz/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059309https://github.com/crocs-muni/ECTesterhttps://security.archlinux.org/CVE-2019-14318
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook