Vulnerabilities > CVE-2019-13629 - Information Exposure Through Discrepancy vulnerability in Matrixssl

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

matrixssl

CWE-203

NVD

Published: 2019-10-03

Updated: 2021-07-21

Summary

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.

Vulnerable Configurations

Part	Description	Count
Application	Matrixssl Matrixssl Matrixssl - Matrixssl Matrixssl 4.0.0 Matrixssl Matrixssl 4.0.1 Matrixssl Matrixssl 4.0.2 Matrixssl Matrixssl 4.1.0 Matrixssl Matrixssl 4.2.0 Matrixssl Matrixssl 4.2.1	7

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References