Описание
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 4.2.0+dfsg-3 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 4.2.0+dfsg-3 |
| esm-apps/jammy | not-affected | 4.2.0+dfsg-3 |
| esm-apps/noble | not-affected | 4.2.0+dfsg-3 |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE |
Показывать по
4.3 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) gen ...
wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.
4.3 Medium
CVSS2
5.3 Medium
CVSS3