How severe is CVE-2024-1544?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2024-1544?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2024-1544 - MEDIUM Severity | CVSS 4.1

Vulnerability Description

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.

Related Vulnerabilities

CVE-2024-38465

MEDIUM

CVSS:4.0(Medium)

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error.

CWE-2032024

CVE-2024-8992

MEDIUM

CVSS:4.0(Medium)

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CWE-2032024

CVE-2019-14353

MEDIUM

CVSS:4.2(Medium)

On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing...

CWE-2032019

CVE-2020-9690

MEDIUM

CVSS:4.2(Medium)

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

CWE-2032020

CVE-2024-45678

MEDIUM

CVSS:4.2(Medium)

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equ...

CWE-2032024

CVE-2019-12383

MEDIUM

CVSS:4.3(Medium)

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my lang...

CWE-2032019