Note:
This project will be discontinued after December 13, 2021. [more]
2020-04-12
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.
Products | Wolfssl |
Type | Information Exposure Through Discrepancy (CWE-203) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/wolfSSL/wolfssl/pull/2894/ |
Links | https://gist.github.com/pietroborrello/7c5be2d1dc15349c4ffc8671f0aad04f |