Your submission was sent successfully! Close

CVE-2020-11735

Published: 25 June 2020

The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
wolfssl
Launchpad, Ubuntu, Debian
bionic Needed

eoan Ignored
(reached end-of-life)
focal Needed

groovy Not vulnerable
(4.4.0+dfsg-2)
hirsute Not vulnerable
(4.4.0+dfsg-2)
impish Not vulnerable
(4.4.0+dfsg-2)
jammy Not vulnerable
(4.4.0+dfsg-2)
precise Does not exist

trusty Does not exist

upstream
Released (4.4.0+dfsg-1)
xenial Ignored
(end of standard support, was needed)