Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-14318
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-30 Jul, 2019 | 17:15
Updated At-20 Aug, 2019 | 18:15

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.9MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
cryptopp
cryptopp
>>crypto\+\+>>Versions up to 8.3.0(inclusive)
cpe:2.3:a:cryptopp:crypto\+\+:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-417Primarynvd@nist.gov
CWE ID: CWE-417
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00066.htmlcve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2019/10/02/2cve@mitre.org
N/A
https://eprint.iacr.org/2011/232.pdfcve@mitre.org
Exploit
Third Party Advisory
https://github.com/weidai11/cryptopp/issues/869cve@mitre.org
Patch
Third Party Advisory
https://minerva.crocs.fi.muni.cz/cve@mitre.org
N/A
https://tches.iacr.org/index.php/TCHES/article/view/7337cve@mitre.org
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00066.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2019/10/02/2
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://eprint.iacr.org/2011/232.pdf
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/weidai11/cryptopp/issues/869
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://minerva.crocs.fi.muni.cz/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://tches.iacr.org/index.php/TCHES/article/view/7337
Source: cve@mitre.org
Resource:
Third Party Advisory
Change History
0Changes found
Details not found