CVE-2020-27209

Опубликовано: 20 мая 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks which allows an adversary to extract the private ECC key.

Ссылки

https://eprint.iacr.org/2021/640
Third Party Advisory
https://github.com/kmackay/micro-ecc/commit/1b5f5cea5145c96dd8791b9b2c41424fc74c2172
Patch
Third Party Advisory
https://github.com/kmackay/micro-ecc/releases
Third Party Advisory
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
Third Party Advisory
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Third Party Advisory
https://eprint.iacr.org/2021/640
Third Party Advisory
https://github.com/kmackay/micro-ecc/commit/1b5f5cea5145c96dd8791b9b2c41424fc74c2172
Patch
Third Party Advisory
https://github.com/kmackay/micro-ecc/releases
Third Party Advisory
https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
Third Party Advisory
https://www.aisec.fraunhofer.de/en/FirmwareProtection.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:micro-ecc_project:micro-ecc:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00463

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-q6hh-7xhq-494h

github

больше 3 лет назад