mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-14 20:08:44 +00:00
909 B
909 B
CVE-2017-9526
Description
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
POC
Reference
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Github
No PoCs found on GitHub currently.