{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T00:42:03.629","vulnerabilities":[{"cve":{"id":"CVE-2024-1544","sourceIdentifier":"facts@wolfssl.com","published":"2024-08-27T19:15:16.547","lastModified":"2026-01-27T22:15:51.300","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Generating the ECDSA nonce k samples a random number r and then \ntruncates this randomness with a modular reduction mod n where n is the \norder of the elliptic curve. Meaning k = r mod n. The division used \nduring the reduction estimates a factor q_e by dividing the upper two \ndigits (a digit having e.g. a size of 8 byte) of r by the upper digit of \nn and then decrements q_e in a loop until it has the correct size. \nObserving the number of times q_e is decremented through a control-flow \nrevealing side-channel reveals a bias in the most significant bits of \nk. Depending on the curve this is either a negligible bias or a \nsignificant bias large enough to reconstruct k with lattice reduction \nmethods. For SECP160R1, e.g., we find a bias of 15 bits."},{"lang":"es","value":"Generar el nonce k ECDSA muestra un número aleatorio r y luego trunca esta aleatoriedad con una reducción modular mod n donde n es el orden de la curva elíptica. Significado k = r mod n. La división utilizada durante la reducción estima un factor q_e dividiendo los dos dígitos superiores (un dígito que tiene, por ejemplo, un tamaño de 8 bytes) de r por el dígito superior de n y luego disminuye q_e en un bucle hasta que tenga el tamaño correcto. Observar el número de veces que q_e disminuye a través de un canal lateral revelador de flujo de control revela un sesgo en los bits más significativos de k. Dependiendo de la curva, esto es un sesgo insignificante o un sesgo significativo lo suficientemente grande como para reconstruir k con métodos de reducción de celosía. Para SECP160R1, por ejemplo, encontramos un sesgo de 15 bits."}],"metrics":{"cvssMetricV31":[{"source":"facts@wolfssl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"facts@wolfssl.com","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.2","matchCriteriaId":"F0F4729E-754A-4CB1-A77D-1E1E97F0F69B"}]}]}],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/7020","source":"facts@wolfssl.com"},{"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable","source":"facts@wolfssl.com","tags":["Release Notes"]}]}}]}