FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b70b880f-5727-11ea-a2f3-001cc0382b2f	Mbed TLS -- Side channel attack on ECDSA Janos Follath reports: Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it (as it is smaller than RSA keys and not guaranteed to have only large prime factors), and then, by brute force, recover the key. Discovery 2019-10-25 Entry 2020-02-24 mbedtls < 2.16.4 https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 CVE-2019-18222

VuXML ID

Description

b70b880f-5727-11ea-a2f3-001cc0382b2f

Mbed TLS -- Side channel attack on ECDSA

Janos Follath reports:

Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it (as it is smaller than RSA keys and not guaranteed to have only large prime factors), and then, by brute force, recover the key.

Discovery 2019-10-25
Entry 2020-02-24
mbedtls

< 2.16.4

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
CVE-2019-18222