Candidate: CVE-2019-14318
PublicDate: 2019-07-30 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14318
 https://github.com/weidai11/cryptopp/issues/869
 https://eprint.iacr.org/2011/232.pdf
 https://tches.iacr.org/index.php/TCHES/article/view/7337
Description:
 Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA
 signature generation. This allows a local or remote attacker, able to
 measure the duration of hundreds to thousands of signing operations, to
 compute the private key used. The issue occurs because scalar
 multiplication in ecp.cpp (prime field curves, small leakage) and
 algebra.cpp (binary field curves, large leakage) is not constant time and
 leaks the bit length of the scalar among other information.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934326
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]


Patches_libcrypto++:
upstream_libcrypto++: released (5.6.4-9)
precise/esm_libcrypto++: DNE
trusty_libcrypto++: ignored (out of standard support)
trusty/esm_libcrypto++: needed
xenial_libcrypto++: ignored (end of standard support, was needed)
bionic_libcrypto++: needed
disco_libcrypto++: ignored (reached end-of-life)
eoan_libcrypto++: not-affected (5.6.4-9)
focal_libcrypto++: not-affected (5.6.4-9)
groovy_libcrypto++: not-affected (5.6.4-9)
hirsute_libcrypto++: not-affected (5.6.4-9)
impish_libcrypto++: not-affected (5.6.4-9)
jammy_libcrypto++: not-affected (5.6.4-9)
devel_libcrypto++: not-affected (5.6.4-9)