CVE-2019-19963
First published: Tue Dec 24 2019(Updated: )
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WolfSSL wolfssl | <4.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-19963.
What is the severity of CVE-2019-19963?
The severity of CVE-2019-19963 is medium.
What is the affected software?
The affected software is Wolfssl version up to but excluding 4.3.0.
How does the vulnerability in CVE-2019-19963 occur?
The vulnerability in CVE-2019-19963 occurs when DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.
How can I fix the vulnerability in CVE-2019-19963?
To fix the vulnerability in CVE-2019-19963, you should update to version 4.3.0 or later of Wolfssl.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wolfssl
- canonical/wolfssl wolfssl