Timing Attack Vulnerability in Crypt::Perl by GitHub
CVE-2020-17478

7.5HIGH

Key Information:

Vendor: P5-crypt-perl Project
Status: P5-crypt-perl
Vendor: CVE Published:; 10 August 2020

Summary

The Crypt::Perl library contains a flaw in ECDSA/EC/Point.pm prior to version 0.33, which inadequately defends against timing attacks in the EC point multiplication algorithm. Attackers could exploit this vulnerability to glean sensitive information through carefully timed manipulations.

References

https://github.com/FGasper/p5-Crypt-Perl/compare/0.32...0.33

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2020
Vulnerability Reserved
Aug 10, 2020