Search for packages
| purl | pkg:pypi/wolfcrypt@0.1.8 |
| Next non-vulnerable version | 4.1.0.post0 |
| Latest non-vulnerable version | 4.1.0.post0 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-15fc-qcja-yfh6
Aliases: CVE-2019-13628 GHSA-q95h-vc86-hv77 |
wolfCrypt leaks cryptographic information via timing side channel wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without `--enable-fpecc`, `--enable-sp`, or` --enable-sp-math`) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T22:00:23.515892+00:00 | GitLab Importer | Affected by | VCID-15fc-qcja-yfh6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/wolfcrypt/CVE-2019-13628.yml | 38.4.0 |
| 2026-04-11T23:15:59.867188+00:00 | GitLab Importer | Affected by | VCID-15fc-qcja-yfh6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/wolfcrypt/CVE-2019-13628.yml | 38.3.0 |
| 2026-04-02T23:23:50.152210+00:00 | GitLab Importer | Affected by | VCID-15fc-qcja-yfh6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/wolfcrypt/CVE-2019-13628.yml | 38.1.0 |
| 2026-04-01T17:44:48.813175+00:00 | GitLab Importer | Affected by | VCID-15fc-qcja-yfh6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/wolfcrypt/CVE-2019-13628.yml | 38.0.0 |