Vulnerability Details CVE-2019-13629
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.4%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2019/10/02/2
- https://eprint.iacr.org/2011/232.pdf
- https://minerva.crocs.fi.muni.cz/
- https://tches.iacr.org/index.php/TCHES/article/view/7337
- http://www.openwall.com/lists/oss-security/2019/10/02/2
- https://eprint.iacr.org/2011/232.pdf
- https://minerva.crocs.fi.muni.cz/
- https://tches.iacr.org/index.php/TCHES/article/view/7337
Products affected by CVE-2019-13629
-
cpe:2.3:a:matrixssl:matrixssl:-
-
cpe:2.3:a:matrixssl:matrixssl:3.8.2
-
cpe:2.3:a:matrixssl:matrixssl:3.8.3
-
cpe:2.3:a:matrixssl:matrixssl:3.8.4
-
cpe:2.3:a:matrixssl:matrixssl:3.8.5
-
cpe:2.3:a:matrixssl:matrixssl:3.8.6
-
cpe:2.3:a:matrixssl:matrixssl:3.8.7
-
cpe:2.3:a:matrixssl:matrixssl:3.8.7a
-
cpe:2.3:a:matrixssl:matrixssl:3.8.7b
-
cpe:2.3:a:matrixssl:matrixssl:3.9.0
-
cpe:2.3:a:matrixssl:matrixssl:3.9.1
-
cpe:2.3:a:matrixssl:matrixssl:3.9.3
-
cpe:2.3:a:matrixssl:matrixssl:3.9.5
-
cpe:2.3:a:matrixssl:matrixssl:4.0.0
-
cpe:2.3:a:matrixssl:matrixssl:4.0.1
-
cpe:2.3:a:matrixssl:matrixssl:4.0.2
-
cpe:2.3:a:matrixssl:matrixssl:4.1.0
-
cpe:2.3:a:matrixssl:matrixssl:4.2.0
-
cpe:2.3:a:matrixssl:matrixssl:4.2.1