First published: Thu Oct 03 2019
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. A local attacker who can precisely measure the duration of signature operations can infer information about the nonces used and potentially mount a lattice attack to recover the private key. The issue occurs because the scalar multiplication in ecc.c may leak the bit length of the scalar, which for signing is the per-signature nonce: the loop runs once per bit of the nonce rather than over a fixed width, so a shorter nonce produces a measurably faster signature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
pip/wolfcrypt | <=4.0.0 | 4.1.0 |
wolfSSL wolfssl | <=4.0.0 | 4.1.0 |
The vulnerability ID CVE-2019-13628 refers to a timing side channel in ECDSA signature generation in wolfSSL and wolfCrypt 4.0.0 and earlier.
The severity of CVE-2019-13628 is medium, with a severity value of 4.7.
wolfSSL and wolfCrypt versions 4.0.0 and earlier without the configurations '--enable-fpecc', '--enable-sp', or '--enable-sp-math' are affected by CVE-2019-13628.
A local attacker who can measure the duration of signature operations with precision can exploit CVE-2019-13628 by learning, from each timing, how many leading bits of that signature's nonce are zero; collecting enough signatures whose nonces are known to be short gives the hidden-number-problem instances that a lattice attack solves to recover the private key.
To fix CVE-2019-13628, upgrade to version 4.1.0 or later of wolfSSL and wolfCrypt.
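The description and the FAQ entry above both hinge on one mechanism: a double-and-add loop whose iteration count equals the bit length of the nonce, versus a ladder that always walks a fixed number of bits. The following is an added illustration written for this page, not wolfSSL's ecc.c and not the wolfSSL API. It uses the public secp256k1 parameters as a stand-in curve, a toy ECDSA signer that takes the nonce as an argument so runs are reproducible, and a function that models what a timing observer learns (the number of leading zero bits of k). The lattice step that turns those short-nonce signatures into the private key is out of scope and not shown; only the leak and the attacker's filtering of signatures are demonstrated. All function names are this example's own.

```python
"""Toy model of the CVE-2019-13628 leak class: scalar multiplication whose loop
length depends on the scalar's bit length. Example code for illustration; it is
NOT wolfSSL's ecc.c and makes no claim about wolfSSL internals."""
import hashlib

# secp256k1 domain parameters (well-known public constants, used as a stand-in curve).
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
a, b = 0, 7
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
NBITS = n.bit_length()  # 256: the fixed width a non-leaking loop should use

def _inv(x):
    return pow(x, -1, p)

def _double(P1):
    """Affine point doubling; None is the point at infinity."""
    if P1 is None:
        return None
    x1, y1 = P1
    if y1 == 0:
        return None
    lam = (3 * x1 * x1 + a) * _inv(2 * y1) % p
    x3 = (lam * lam - 2 * x1) % p
    return x3, (lam * (x1 - x3) - y1) % p

def _add(P1, P2):
    """Affine point addition handling infinity, doubling and inverse cases."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2:
        return None if (y1 + y2) % p == 0 else _double(P1)
    lam = (y2 - y1) * _inv(x2 - x1) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def scalar_mult_leaky(k, pt):
    """Left-to-right double-and-add over exactly k.bit_length() bits.
    The returned iteration count equals k.bit_length(): running time is a
    function of the scalar's size, which is the leak class described above."""
    R, iters = None, 0
    for i in range(k.bit_length() - 1, -1, -1):
        R = _double(R)
        if (k >> i) & 1:
            R = _add(R, pt)
        iters += 1
    return R, iters

def scalar_mult_fixed(k, pt, nbits=NBITS):
    """Montgomery ladder over a fixed nbits window: the loop count is independent
    of k. (Branches and affine arithmetic here still leak in other ways; only the
    iteration-count dependence is what this example removes.)"""
    R0, R1, iters = None, pt, 0
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            R0, R1 = _add(R0, R1), _double(R1)
        else:
            R0, R1 = _double(R0), _add(R0, R1)
        iters += 1
    return R0, iters

def hash_to_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def ecdsa_sign(priv, z, k, mult):
    """Toy ECDSA signing. k is passed in (normally random) so runs are reproducible.
    Returns the signature and the iteration count the attacker would observe as time."""
    R, iters = mult(k, G)
    r = R[0] % n
    s = pow(k, -1, n) * (z + r * priv) % n
    return (r, s), iters

def ecdsa_verify(pub, z, sig):
    r, s = sig
    if not (0 < r < n and 0 < s < n):
        return False
    w = pow(s, -1, n)
    X = _add(scalar_mult_fixed(z * w % n, G)[0], scalar_mult_fixed(r * w % n, pub)[0])
    return X is not None and X[0] % n == r

def leaked_top_zero_bits(iters, nbits=NBITS):
    """What a timing observer learns from the leaky loop: nbits - iters leading
    bits of the nonce are zero, i.e. k < 2**(nbits - leaked_top_zero_bits)."""
    return nbits - iters

def select_short_nonce_sigs(records, t, nbits=NBITS):
    """Keep signatures whose nonce provably has at least t leading zero bits.
    These are the hidden-number-problem inputs a lattice attack consumes; the
    lattice solve itself is not part of this example."""
    return [sig for sig, iters in records if leaked_top_zero_bits(iters, nbits) >= t]

if __name__ == "__main__":
    priv = 0x1D2C3B4A5968778695A4B3C2D1E0F00112233445566778899AABBCCDDEEFF001  # constructed key
    pub = scalar_mult_fixed(priv, G)[0]
    z = hash_to_int(b"constructed message")
    k = (1 << 249) + 12345          # a 250-bit nonce: six leading zero bits
    sig, iters = ecdsa_sign(priv, z, k, scalar_mult_leaky)
    print("verifies:", ecdsa_verify(pub, z, sig), "leaky iters:", iters,
          "fixed iters:", scalar_mult_fixed(k, G)[1],
          "leaked zero bits:", leaked_top_zero_bits(iters))
```

Run as a script it prints that the signature verifies, that the leaky loop took 250 iterations where the ladder took 256, and that the observer therefore learns six zero top bits of k. In a real build the attacker does not see an iteration count but a duration; the filtering step is the same once timings are binned by bit length.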