CVE-2019-19963
MEDIUMwolfssl < 4.3.0 - Side-Channel Attack via DSA Nonce Modular Inversion
Title source: llmDescription
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/wolfSSL/wolfssl/releases/tag/v4.3.0-stable
Patch, Third Party Advisory x_refsource_misc
https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190
Scores
CVSS v3
5.3
EPSS
0.0095
EPSS Percentile
56.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (1)
wolfssl/wolfssl
< 4.3.0
Published
Dec 25, 2019
Tracked Since
Feb 18, 2026