CVE-2024-13176

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/01/2025
Last modified:
26/05/2025

Description

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation.

Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency.

There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low.

The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
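Why the zero-top-word condition is frequent on P-521 but negligible on other NIST curves, as an added example that is not part of the advisory or of OpenSSL's code: it counts how many bits of the group order fall into the most significant limb and checks the resulting rate by inverting random nonces modulo the P-521 order. The 64-bit limb size and all function names are assumptions made for this illustration.

```python
import random

WORD_BITS = 64  # assumption: 64-bit limbs, as on a 64-bit build

# Order n of the NIST P-521 group (FIPS 186-4 / SEC 2 secp521r1).
P521_N = int("01FF" + "F" * 63 + "A"
             + "51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
             16)

# Bit lengths of the group order for the NIST prime curves.
ORDER_BITS = {"P-224": 224, "P-256": 256, "P-384": 384, "P-521": 521}


def top_word_bits(order_bits, word_bits=WORD_BITS):
    """Number of bits of the group order that land in its top limb."""
    return (order_bits - 1) % word_bits + 1


def top_word_is_zero(value, order_bits, word_bits=WORD_BITS):
    """True if the most significant limb of `value` is all zero."""
    limbs = -(-order_bits // word_bits)  # ceiling division
    return value >> (word_bits * (limbs - 1)) == 0


def simulate(n, samples, seed=1):
    """Count inverted nonces k^-1 mod n whose top limb is zero."""
    rng = random.Random(seed)  # seeded PRNG: repeatable demo, not key material
    bits = n.bit_length()
    hits = 0
    for _ in range(samples):
        k = rng.randrange(1, n)
        if top_word_is_zero(pow(k, -1, n), bits):
            hits += 1
    return hits


if __name__ == "__main__":
    # The inverse of a uniform nonce is itself uniform in [1, n-1], so the
    # chance of a zero top limb is roughly 2^-(bits held by that limb).
    for curve, bits in ORDER_BITS.items():
        b = top_word_bits(bits)
        print(f"{curve}: top limb holds {b} bits, P(zero) ~ 2^-{b}")
    samples = 100_000
    print("P-521 simulation:", simulate(P521_N, samples), "of", samples)
```

On P-521 only 9 bits of the order reach the top limb, so about one signature in 512 meets the condition; on P-256 and P-384 the top limb is full and the rate is about 2^-64.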