Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL ECC子系统加密问题漏洞
Vulnerability Description
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 当ECDHE_ECDSA密码套件使用Elliptic Curve Digital Signature Algorithm(ECDSA)算法时,OpenSSL 1.0.0d及之前版本中的elliptic curve cryptography(ECC)子系统没有正确实现用二进制字段表示的曲线。攻击者可以借助定时攻击
CVSS Information
N/A
Vulnerability Type
N/A