CVE-2019-10764
N/A
N/A
Summary
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | simplito/elliptic-php | All versions prior to version 2.5 | affected |
Weaknesses
- Timing Attack
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.