GHSA-mr6r-82x4-f4jj

Source
https://github.com/advisories/GHSA-mr6r-82x4-f4jj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-mr6r-82x4-f4jj/GHSA-mr6r-82x4-f4jj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mr6r-82x4-f4jj
Aliases
Published
2019-11-20T01:34:50Z
Modified
2024-02-16T08:20:42.653583Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Timing attacks might allow practical recovery of the long-term private key
Details

In elliptic-php versions prior to 1.0.6, timing attacks might be possible, which can result in practical recovery of the long-term private key generated by the library under certain conditions. The bit length of the scalar can leak during scalar multiplication on an elliptic curve, which might allow practical recovery of the long-term private key.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-203"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2019-11-19T03:07:02Z"
}
Affected packages

Packagist / simplito/elliptic-php

Package

Name
simplito/elliptic-php
Purl
pkg:composer/simplito/elliptic-php

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.0.6

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5