CVE-2019-10764

Опубликовано: 18 нояб. 2019

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.

Ссылки

https://minerva.crocs.fi.muni.cz/
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-PHP-SIMPLITOELLIPTICPHP-534576
Third Party Advisory
https://minerva.crocs.fi.muni.cz/
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-PHP-SIMPLITOELLIPTICPHP-534576
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simplito:elliptic-php:*:*:*:*:*:*:*:*

Версия до 1.0.6 (исключая)

EPSS

Процентиль: 58%

0.00361

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-mr6r-82x4-f4jj