High severityNVD Advisory· Published Nov 18, 2019· Updated Aug 4, 2024
CVE-2019-10764
CVE-2019-10764
Description
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
simplito/elliptic-phpPackagist | < 1.0.6 | 1.0.6 |
Affected products
2- elliptic-php/elliptic-phpdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-mr6r-82x4-f4jjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10764ghsaADVISORY
- github.com/simplito/elliptic-php/commit/15652609aa55968d56685c2a9120535ccdc00fd9ghsaWEB
- minerva.crocs.fi.muni.czghsaWEB
- minerva.crocs.fi.muni.czmitrex_refsource_MISC
- snyk.io/vuln/SNYK-PHP-SIMPLITOELLIPTICPHP-534576ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.