How severe is CVE-2019-14318?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2019-14318?

This is classified as CWE-417, which is a common weakness in software security.

CVE-2019-14318 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.

Related Vulnerabilities

CVE-2017-3969

MEDIUM

CVSS:5.9(Medium)

Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate imple...

CWE-4172017

CVE-2017-2712

MEDIUM

CVSS:5.3(Medium)

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to...

CWE-4172017

CVE-2016-9879

HIGH

CVSS:7.5(High)

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints...

CWE-4172016

CVE-2018-14900

HIGH

CVSS:7.5(High)

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.

CWE-4172018

CVE-2018-5254

HIGH

CVSS:7.5(High)

Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.

CWE-4172018

CVE-2017-7760

HIGH

CVSS:7.8(High)

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a...

CWE-4172017