{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54448?format=json","vulnerability_id":"VCID-ztr5-x7m4-d7e6","summary":"Generating the ECDSA nonce k samples a random number r and then \ntruncates this randomness with a modular reduction mod n where n is the \norder of the elliptic curve. Meaning k = r mod n. The division used \nduring the reduction estimates a factor q_e by dividing the upper two \ndigits (a digit having e.g. a size of 8 byte) of r by the upper digit of \nn and then decrements q_e in a loop until it has the correct size. \nObserving the number of times q_e is decremented through a control-flow \nrevealing side-channel reveals a bias in the most significant bits of \nk. Depending on the curve this is either a negligible bias or a \nsignificant bias large enough to reconstruct k with lattice reduction \nmethods. For SECP160R1, e.g., we find a bias of 15 bits.","aliases":[{"alias":"CVE-2024-1544"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107506?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107481?format=json","purl":"pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107480?format=json","purl":"pkg:deb/debian/wolfssl@5.9.1-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.1-0.1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/107479?format=json","purl":"pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5rh9-apbs-h3h3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-dvxj-cpr2-dqfq"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-fmtg-ud6q-hqdh"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-gcw5-nqf5-c3g3"},{"vulnerability":"VCID-gfcx-vysg-nqde"},{"vulnerability":"VCID-grds-ffsq-dkg8"},{"vulnerability":"VCID-gtqk-pj1r-f7fy"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jvt4-vdz2-53f7"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n1eq-1t8y-8qg6"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-u28v-ghu2-57hb"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vuu8-zbbs-hqar"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-w78b-1t7y-6kex"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-wpxx-p3cu-tqhx"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-ztr5-x7m4-d7e6"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/107477?format=json","purl":"pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cpy-8cfg-m7by"},{"vulnerability":"VCID-3t6f-4338-2ufb"},{"vulnerability":"VCID-4kqw-4h4n-1kh1"},{"vulnerability":"VCID-5fxd-yhdh-93c3"},{"vulnerability":"VCID-5rh9-apbs-h3h3"},{"vulnerability":"VCID-5t9e-3e1y-x3gq"},{"vulnerability":"VCID-5uj4-cczj-k3br"},{"vulnerability":"VCID-6s5y-9ebe-g3fg"},{"vulnerability":"VCID-8cky-7dxn-q3gn"},{"vulnerability":"VCID-9r5u-7n3h-kuhf"},{"vulnerability":"VCID-ahuu-nu9f-v7h6"},{"vulnerability":"VCID-bcmv-4zxw-p3gz"},{"vulnerability":"VCID-cgfe-yefp-p3hf"},{"vulnerability":"VCID-cwum-6frr-jkcu"},{"vulnerability":"VCID-d53m-u8a8-j3dw"},{"vulnerability":"VCID-dmpm-jrvj-dfe9"},{"vulnerability":"VCID-dvxj-cpr2-dqfq"},{"vulnerability":"VCID-e6n7-fdre-gqbp"},{"vulnerability":"VCID-esbj-656n-qff2"},{"vulnerability":"VCID-fmtg-ud6q-hqdh"},{"vulnerability":"VCID-g2kr-25e3-jff3"},{"vulnerability":"VCID-gcw5-nqf5-c3g3"},{"vulnerability":"VCID-grds-ffsq-dkg8"},{"vulnerability":"VCID-gtqk-pj1r-f7fy"},{"vulnerability":"VCID-j747-p6qq-zff9"},{"vulnerability":"VCID-jvt4-vdz2-53f7"},{"vulnerability":"VCID-jzhy-drxb-xuca"},{"vulnerability":"VCID-ktww-nfwa-s3a1"},{"vulnerability":"VCID-mwtq-ctz8-vygv"},{"vulnerability":"VCID-n1eq-1t8y-8qg6"},{"vulnerability":"VCID-n82v-xc94-gqf2"},{"vulnerability":"VCID-nctg-w5ay-jqaa"},{"vulnerability":"VCID-pjhe-euye-1uck"},{"vulnerability":"VCID-q4qr-d5rm-q3dn"},{"vulnerability":"VCID-qb2p-81us-s7gh"},{"vulnerability":"VCID-rhdd-gnfj-qbcm"},{"vulnerability":"VCID-s7df-gz2p-3kb5"},{"vulnerability":"VCID-ss2x-qr7v-k7cy"},{"vulnerability":"VCID-sur7-4jwh-5bew"},{"vulnerability":"VCID-t1t2-esy1-u7cu"},{"vulnerability":"VCID-t44y-2qrf-3uah"},{"vulnerability":"VCID-tav9-1pth-2qc8"},{"vulnerability":"VCID-tzqp-bbba-skcy"},{"vulnerability":"VCID-u28v-ghu2-57hb"},{"vulnerability":"VCID-uabc-8bk1-f3gj"},{"vulnerability":"VCID-ucxr-u4qd-3qf6"},{"vulnerability":"VCID-urnp-9f8c-gqfb"},{"vulnerability":"VCID-ux6x-sdfm-63d5"},{"vulnerability":"VCID-vn8z-tsnh-1yd3"},{"vulnerability":"VCID-vw28-tt5y-qkgz"},{"vulnerability":"VCID-wa7e-xast-t3dv"},{"vulnerability":"VCID-wpxx-p3cu-tqhx"},{"vulnerability":"VCID-xc3b-jpen-q3h4"},{"vulnerability":"VCID-z1d5-7eje-nfcp"},{"vulnerability":"VCID-zhqa-43p5-vkfb"},{"vulnerability":"VCID-ztr5-x7m4-d7e6"},{"vulnerability":"VCID-zw7v-pke6-xqcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1544","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35772","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789","reference_id":"1081789","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081789"},{"reference_url":"https://github.com/wolfSSL/wolfssl/pull/7020","reference_id":"7020","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/"}],"url":"https://github.com/wolfSSL/wolfssl/pull/7020"},{"reference_url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable","reference_id":"v5.7.2-stable","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T19:14:00Z/"}],"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable"}],"weaknesses":[{"cwe_id":203,"name":"Observable Discrepancy","description":"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not."}],"exploits":[],"severity_range_score":"4.1 - 4.1","exploitability":"0.5","weighted_severity":"3.7","risk_score":1.9,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztr5-x7m4-d7e6"}