Search for packages
| purl | pkg:pypi/wolfcrypt@4.0.0 |
| Tags | Ghost |
| Next non-vulnerable version | 4.1.0.post0 |
| Latest non-vulnerable version | 4.1.0.post0 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-15fc-qcja-yfh6
Aliases: CVE-2019-13628 GHSA-q95h-vc86-hv77 |
wolfCrypt leaks cryptographic information via timing side channel wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without `--enable-fpecc`, `--enable-sp`, or` --enable-sp-math`) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:32:15.199668+00:00 | GHSA Importer | Affected by | VCID-15fc-qcja-yfh6 | https://github.com/advisories/GHSA-q95h-vc86-hv77 | 38.1.0 |
| 2026-04-03T21:26:49.526724+00:00 | GitLab Importer | Affected by | VCID-15fc-qcja-yfh6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/wolfcrypt/CVE-2019-13628.yml | 38.1.0 |