CVE-2019-13629 - OpenCVE

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Matrixssl	Matrixssl

Configuration 1 [-]

cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2019/10/02/2
https://eprint.iacr.org/2011/232.pdf
https://minerva.crocs.fi.muni.cz/
https://tches.iacr.org/index.php/TCHES/article/view/7337

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-03T13:23:25

Updated: 2024-08-04T23:57:39.514Z

Reserved: 2019-07-17T00:00:00

Link: CVE-2019-13629

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-10-03T14:15:11.150

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-13629

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-03T13:24:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://eprint.iacr.org/2011/232.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://tches.iacr.org/index.php/TCHES/article/view/7337"}, {"name": "[oss-security] 20191002 Minerva: ECDSA key recovery from bit-length leakage", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/02/2"}, {"tags": ["x_refsource_MISC"], "url": "https://minerva.crocs.fi.muni.cz/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13629", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://eprint.iacr.org/2011/232.pdf", "refsource": "MISC", "url": "https://eprint.iacr.org/2011/232.pdf"}, {"name": "https://tches.iacr.org/index.php/TCHES/article/view/7337", "refsource": "MISC", "url": "https://tches.iacr.org/index.php/TCHES/article/view/7337"}, {"name": "[oss-security] 20191002 Minerva: ECDSA key recovery from bit-length leakage", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/02/2"}, {"name": "https://minerva.crocs.fi.muni.cz/", "refsource": "MISC", "url": "https://minerva.crocs.fi.muni.cz/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.514Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://eprint.iacr.org/2011/232.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tches.iacr.org/index.php/TCHES/article/view/7337"}, {"name": "[oss-security] 20191002 Minerva: ECDSA key recovery from bit-length leakage", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/02/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://minerva.crocs.fi.muni.cz/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13629", "datePublished": "2019-10-03T13:23:25", "dateReserved": "2019-07-17T00:00:00", "dateUpdated": "2024-08-04T23:57:39.514Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "83C90122-07C8-4F04-A5E1-7B96417BFB7E", "versionEndIncluding": "4.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/ecc_math.c scalar multiplication leaks the bit length of the scalar."}, {"lang": "es", "value": "MatrixSSL versi\u00f3n 4.2.1 y anteriores, contienen un canal lateral de temporizaci\u00f3n en la generaci\u00f3n de firmas ECDSA. Esto permite a un atacante local o remoto, capaz de medir la duraci\u00f3n de cientos de miles de operaciones de firma, calcular la clave privada usada. El problema se presenta porque la multiplicaci\u00f3n escalar del archivo crypto/pubkey/ecc_math.c pierde la longitud de bits del scalar."}], "id": "CVE-2019-13629", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-03T14:15:11.150", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/02/2"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://eprint.iacr.org/2011/232.pdf"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://minerva.crocs.fi.muni.cz/"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://tches.iacr.org/index.php/TCHES/article/view/7337"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}, {"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}