CVE-2019-14317

Medium

wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the…

mitre·CWE-331·Published 2019-12-11

CVSS

5.3

EPSS

0.02

KEV

Exploits

cve.orgen

290 chars

wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.

NVDen

290 chars

NVDes

351 chars

wolfSSL and wolfCrypt versión 4.1.0 y anteriores (anteriormente conocido como CyaSSL), generan nonces DSA sesgados. Esto permite a un atacante remoto calcular la clave privada a largo plazo de varios cientos de firmas DSA por medio de un ataque de tipo lattice. El problema se presenta porque el archivo dsa.c corrige dos bits de los nonces generados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N