CVE-2011-1945
EPSS 4.8%openssl - compromised certificate authority
發布日:2011/5/31修改日:2026/4/28
描述
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
受影響套件(2)
- Debian/opensslfrom 0, < 1.0.0e-1
- Debian/opensslfrom 0, < 0.9.8g-15+lenny12