oss-sec mailing list archives
CVE request: MatrixSSL lack of RSA-CRT hardening
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 27 Jun 2016 08:08:14 +0200
MatrixSSL 3.8.3 comes with this fix: <https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation> I think this warrants a CVE ID because RSA-CRT key leaks from MatrixSSL have been observed in practice. (I'm not sure if the contributing factor was a bug in the MatrixSSL bignum routines, or defective hardware.) (There are some other changes whose description suggests they would warrant CVE assignment as well, but I have not looked at those.)
Current thread:
- CVE request: MatrixSSL lack of RSA-CRT hardening Florian Weimer (Jun 26)
- Re: CVE request: MatrixSSL lack of RSA-CRT hardening Hanno Böck (Jun 29)