CVE-2019-14318 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-14318 Interim 1 23 2025-08-14T02:00:39Z current 2021-05-30T14:30:15Z 2025-08-14T02:00:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-14318 Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PIBT23NESB2572K3CT3URDK6WH7QTD3Y/#PIBT23NESB2572K3CT3URDK6WH7QTD3Y E-Mail link for openSUSE-SU-2019:1968-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Package Hub 15 SUSE Package Hub 15 SP1 openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Tumbleweed libcryptopp-devel-5.6.5-bp150.3.3.1 libcryptopp-devel-5.6.5-bp151.4.3.1 libcryptopp-devel-5.6.5-lp150.2.3.1 libcryptopp-devel-5.6.5-lp151.3.3.1 libcryptopp-devel-8.6.0-1.1 libcryptopp-devel-8.6.0-150400.1.6 libcryptopp-devel-8.6.0-150400.3.6.1 libcryptopp5_6_5-32bit-5.6.5-lp150.2.3.1 libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1 libcryptopp5_6_5-5.6.5-bp150.3.3.1 libcryptopp5_6_5-5.6.5-bp151.4.3.1 libcryptopp5_6_5-5.6.5-lp150.2.3.1 libcryptopp5_6_5-5.6.5-lp151.3.3.1 libcryptopp5_6_5-64bit-5.6.5-bp150.3.3.1 libcryptopp5_6_5-64bit-5.6.5-bp151.4.3.1 libcryptopp8_6_0-32bit-8.6.0-1.1 libcryptopp8_6_0-8.6.0-1.1 libcryptopp8_6_0-8.6.0-150400.1.6 libcryptopp8_6_0-8.6.0-150400.3.6.1 libcryptopp-devel-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libcryptopp8_6_0-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 libcryptopp-devel-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libcryptopp8_6_0-8.6.0-150400.1.6 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libcryptopp-devel-8.6.0-150400.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libcryptopp8_6_0-8.6.0-150400.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libcryptopp-devel-8.6.0-150400.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libcryptopp8_6_0-8.6.0-150400.3.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libcryptopp-devel-5.6.5-bp150.3.3.1 as a component of SUSE Package Hub 15 libcryptopp5_6_5-5.6.5-bp150.3.3.1 as a component of SUSE Package Hub 15 libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1 as a component of SUSE Package Hub 15 libcryptopp5_6_5-64bit-5.6.5-bp150.3.3.1 as a component of SUSE Package Hub 15 libcryptopp-devel-5.6.5-bp151.4.3.1 as a component of SUSE Package Hub 15 SP1 libcryptopp5_6_5-5.6.5-bp151.4.3.1 as a component of SUSE Package Hub 15 SP1 libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1 as a component of SUSE Package Hub 15 SP1 libcryptopp5_6_5-64bit-5.6.5-bp151.4.3.1 as a component of SUSE Package Hub 15 SP1 libcryptopp-devel-5.6.5-lp150.2.3.1 as a component of openSUSE Leap 15.0 libcryptopp5_6_5-5.6.5-lp150.2.3.1 as a component of openSUSE Leap 15.0 libcryptopp5_6_5-32bit-5.6.5-lp150.2.3.1 as a component of openSUSE Leap 15.0 libcryptopp-devel-5.6.5-lp151.3.3.1 as a component of openSUSE Leap 15.1 libcryptopp5_6_5-5.6.5-lp151.3.3.1 as a component of openSUSE Leap 15.1 libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1 as a component of openSUSE Leap 15.1 libcryptopp-devel-8.6.0-1.1 as a component of openSUSE Tumbleweed libcryptopp8_6_0-8.6.0-1.1 as a component of openSUSE Tumbleweed libcryptopp8_6_0-32bit-8.6.0-1.1 as a component of openSUSE Tumbleweed Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information. CVE-2019-14318 SUSE Linux Enterprise Module for Basesystem 15 SP4:libcryptopp-devel-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Basesystem 15 SP4:libcryptopp8_6_0-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp-devel-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Basesystem 15 SP5:libcryptopp8_6_0-8.6.0-150400.1.6 SUSE Linux Enterprise Module for Basesystem 15 SP6:libcryptopp-devel-8.6.0-150400.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libcryptopp8_6_0-8.6.0-150400.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libcryptopp-devel-8.6.0-150400.3.6.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libcryptopp8_6_0-8.6.0-150400.3.6.1 SUSE Package Hub 15:libcryptopp-devel-5.6.5-bp150.3.3.1 SUSE Package Hub 15:libcryptopp5_6_5-5.6.5-bp150.3.3.1 SUSE Package Hub 15:libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1 SUSE Package Hub 15:libcryptopp5_6_5-64bit-5.6.5-bp150.3.3.1 SUSE Package Hub 15 SP1:libcryptopp-devel-5.6.5-bp151.4.3.1 SUSE Package Hub 15 SP1:libcryptopp5_6_5-5.6.5-bp151.4.3.1 SUSE Package Hub 15 SP1:libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1 SUSE Package Hub 15 SP1:libcryptopp5_6_5-64bit-5.6.5-bp151.4.3.1 openSUSE Leap 15.0:libcryptopp-devel-5.6.5-lp150.2.3.1 openSUSE Leap 15.0:libcryptopp5_6_5-5.6.5-lp150.2.3.1 openSUSE Leap 15.0:libcryptopp5_6_5-32bit-5.6.5-lp150.2.3.1 openSUSE Leap 15.1:libcryptopp-devel-5.6.5-lp151.3.3.1 openSUSE Leap 15.1:libcryptopp5_6_5-5.6.5-lp151.3.3.1 openSUSE Leap 15.1:libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1 openSUSE Tumbleweed:libcryptopp-devel-8.6.0-1.1 openSUSE Tumbleweed:libcryptopp8_6_0-8.6.0-1.1 openSUSE Tumbleweed:libcryptopp8_6_0-32bit-8.6.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N