CVE-2019-14318
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-14318
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14318.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-14318
- Related
- Published
- 2019-07-30T17:15:12Z
- Modified
- 2025-01-08T05:44:58.737654Z
- Downstream
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.
- References
-
- https://eprint.iacr.org/2011/232.pdf
- https://github.com/weidai11/cryptopp/issues/869
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00066.html
- http://www.openwall.com/lists/oss-security/2019/10/02/2
- https://minerva.crocs.fi.muni.cz/
- https://tches.iacr.org/index.php/TCHES/article/view/7337
- https://security-tracker.debian.org/tracker/CVE-2019-14318
Affected packages
Debian:11 / libcrypto++
Package
- Name
- libcrypto++
- Purl
- pkg:deb/debian/libcrypto%2B%2B?arch=source
Debian:12 / libcrypto++
Package
- Name
- libcrypto++
- Purl
- pkg:deb/debian/libcrypto%2B%2B?arch=source
Debian:13 / libcrypto++
Package
- Name
- libcrypto++
- Purl
- pkg:deb/debian/libcrypto%2B%2B?arch=source
Git / github.com/weidai11/cryptopp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/weidai11/cryptopp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
CRYPTOPP_5_0
CRYPTOPP_5_1
CRYPTOPP_5_2
CRYPTOPP_5_2_1
CRYPTOPP_5_2_3
CRYPTOPP_5_3_0
CRYPTOPP_5_4
CRYPTOPP_5_5
CRYPTOPP_5_5_1
CRYPTOPP_5_5_2
CRYPTOPP_5_6_0
CRYPTOPP_5_6_1
CRYPTOPP_5_6_2
CRYPTOPP_5_6_3
CRYPTOPP_5_6_4
CRYPTOPP_5_6_5
CRYPTOPP_6_0_0
CRYPTOPP_6_1_0
CRYPTOPP_7_0_0
CRYPTOPP_8_0_0
CRYPTOPP_8_1_0
CRYPTOPP_8_2_0
CRYPTOPP_8_3_0