CVE-2024-1544
| Summary |
Generating the ECDSA nonce k samples a random number r and then
truncates this randomness with a modular reduction mod n where n is the
order of the elliptic curve. Meaning k = r mod n. The division used
during the reduction estimates a factor q_e by dividing the upper two
digits (a digit having e.g. a size of 8 byte) of r by the upper digit of
n and then decrements q_e in a loop until it has the correct size.
Observing the number of times q_e is decremented through a control-flow
revealing side-channel reveals a bias in the most significant bits of
k. Depending on the curve this is either a negligible bias or a
significant bias large enough to reconstruct k with lattice reduction
methods. For SECP160R1, e.g., we find a bias of 15 bits.
|
| Publication Date |
Aug. 28, 2024, 4:15 a.m. |
| Registration Date |
Aug. 28, 2024, noon |
| Last Update |
Aug. 28, 2024, 9:57 p.m. |
Related information, measures and tools
Common Vulnerabilities List
JVN Vulnerability Information
wolfSSL Inc. の wolfSSL における観測可能な不一致に関する脆弱性
| Title |
wolfSSL Inc. の wolfSSL における観測可能な不一致に関する脆弱性
|
| Summary |
wolfSSL Inc. の wolfSSL には、観測可能な不一致に関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
参考情報を参照して適切な対策を実施してください。 |
| Publication Date |
Aug. 27, 2024, midnight |
| Registration Date |
Dec. 9, 2025, 12:34 p.m. |
| Last Update |
Dec. 9, 2025, 12:34 p.m. |
Affected System
| wolfSSL Inc. |
|
wolfSSL 5.7.2 未満
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
その他
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2025年12月09日]
掲載 |
Dec. 9, 2025, 12:34 p.m. |