CVE-2020-11735 – The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time mod …

Vuln ID: CVE-2020-11735

Published:  2020-06-25  14:15:11Z

Description: The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."

Source: NVD.NIST.GOV

 

Tags