CVE-2011-1945 Information

Share on:

Feb 14, 2021 cve

Description

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite does not properly implement curves over binary fields which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

Reference

http://eprint.iacr.org/2011/232.pdf http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://secunia.com/advisories/44935 http://support.apple.com/kb/HT5784 http://www.debian.org/security/2011/dsa-2309 http://www.kb.cert.org/vuls/id/536044 http://www.kb.cert.org/vuls/id/MAPG-8FENZ3 http://www.mandriva.com/security/advisories?name=MDVSA-2011:136 http://www.mandriva.com/security/advisories?name=MDVSA-2011:137 https://hermes.opensuse.org/messages/8760466 https://hermes.opensuse.org/messages/8764170