mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 23:27:33 +02:00
0xMarcio
864 B
864 B
CVE-2019-13629
Description
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.
POC
Reference
Github
No PoCs found on GitHub currently.