CVE-2024-23342
timing attack vulnerability in ecdsa (PyPI)
What is CVE-2024-23342 About?
python-ecdsa is vulnerable to a Minerva timing attack on the P-256 curve. By timing calls to ecdsa.SigningKey.sign_digest() an attacker can learn information about the internal nonce used for each signature and, from enough such measurements, recover the private key. ECDSA signing, key generation, and ECDH operations are affected; signature verification is not. Exploitation is complex, but a successful attack means full compromise of the private key.
Affected Software
Technical Details
The vulnerability is a Minerva timing attack against the P-256 curve in python-ecdsa, affecting ECDSA signing, key generation, and ECDH. The scalar multiplication behind these operations is not constant time, so the running time of ecdsa.SigningKey.sign_digest() depends on the secret nonce used for that signature (Minerva-style leaks expose the nonce's bit length). An attacker who can trigger many signatures and time each one precisely can identify the signatures made with unusually short nonces; the partial knowledge of those nonces, combined across signatures, is enough to reconstruct the private key. This is a subtle cryptographic side channel, and the project explicitly states that side-channel attacks are out of scope, so no fix is planned.
What is the Impact of CVE-2024-23342?
Successful exploitation may allow an attacker to recover the private key. Everything protected by that key is then compromised: signatures can be forged, the key holder can be impersonated, and ECDH shared secrets derived with the key can be reconstructed, giving unauthorized access to systems or data that relied on it.
What is the Exploitability of CVE-2024-23342?
Exploitation is complex: it requires precise measurement of execution times across many signing operations followed by statistical analysis. There are no authentication or privilege requirements, but the attacker must be able to repeatedly trigger signature operations and accurately measure their duration. This is typically a local or co-located attack, where the attacker runs code on the same system or virtual machine as the victim and can observe fine-grained timing differences; observing timing over a network with high precision is harder but is also a risk factor. Special conditions are use of the P-256 curve and of the ecdsa.SigningKey.sign_digest() API with a long-lived private key.
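The mechanism described in the technical details and the conditions listed above, as an added example that is not python-ecdsa's code nor the Minerva authors' tooling: a toy ECDSA over a small prime-order curve (searched for at import time over F_1019, not P-256) signs with a left-to-right double-and-add whose operation count stands in for wall-clock time. That count is at least the nonce's bit length, so the "fastest" observed signature bounds its nonce; the attacker enumerates that bound, derives d = (s*k - h)/r mod n for each candidate and keeps the one matching the public key. Real Minerva instead combines many short-nonce signatures in a lattice (hidden number problem) and must cope with measurement noise; the curve, the digests and every function name here are constructed for the example.

```python
# Added example (not python-ecdsa code): a Minerva-style nonce leak on a toy curve.
# "Time" is an operation counter; the real attack measures wall-clock time and uses
# lattice reduction over many signatures, which brute force replaces here.
import random

P = 1019        # small prime field; P % 4 == 3 so sqrt(v) = v ** ((P + 1) // 4) mod P
INF = None      # point at infinity


def legendre(v):
    """1 for a non-zero square mod P, -1 for a non-square, 0 for v == 0."""
    if v % P == 0:
        return 0
    return 1 if pow(v, (P - 1) // 2, P) == 1 else -1


def find_prime_order_curve():
    """Pick y^2 = x^3 + a*x + b over F_P with prime group order N, so that every
    point generates the whole group.  #E = P + 1 + sum_x legendre(x^3 + a*x + b)."""
    for a in range(1, 20):
        for b in range(1, 20):
            if (4 * a ** 3 + 27 * b ** 2) % P == 0:      # singular curve, skip
                continue
            order = P + 1 + sum(legendre(x ** 3 + a * x + b) for x in range(P))
            if all(order % i for i in range(2, int(order ** 0.5) + 1)):
                return a, b, order
    raise RuntimeError("no prime-order curve in search range")


A, B, N = find_prime_order_curve()


def add(p1, p2):
    """Affine point addition / doubling on y^2 = x^3 + A*x + B."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


# Base point: first x whose right-hand side is a square (any point has order N).
G = next((x, pow((x ** 3 + A * x + B) % P, (P + 1) // 4, P))
         for x in range(P) if legendre(x ** 3 + A * x + B) == 1)


def leaky_mul(k, pt):
    """Left-to-right double-and-add: bitlen(k)-1 doublings plus popcount(k)
    additions, so the operation count ("time") satisfies ops >= bitlen(k),
    which tells an observer that k < 2**ops."""
    acc, ops = INF, 0
    for bit in bin(k)[2:]:
        if acc is not INF:
            acc, ops = add(acc, acc), ops + 1
        if bit == "1":
            acc, ops = add(acc, pt), ops + 1
    return acc, ops


def sign(d, h, rng):
    """Toy ECDSA: returns (r, s) plus the leaked operation count for the nonce k."""
    while True:
        k = rng.randrange(1, N)
        R, ops = leaky_mul(k, G)
        r = R[0] % N
        s = pow(k, -1, N) * (h + r * d) % N
        if r and s:
            return (r, s), ops


def recover_key(pub, h, sig, ops):
    """From one signature whose measured cost bounds its nonce (k < 2**ops),
    enumerate k, derive d = (s*k - h) / r mod N and keep the d matching pub."""
    r, s = sig
    r_inv = pow(r, -1, N)
    for k in range(1, min(2 ** ops, N)):
        d = (s * k - h) * r_inv % N
        if leaky_mul(d, G)[0] == pub:
            return d
    return None


def attack(pub, observations):
    """observations: (h, (r, s), ops) per timed signature.  Minerva keeps the
    fastest signatures, i.e. the shortest nonces; here the single fastest suffices."""
    h, sig, ops = min(observations, key=lambda o: o[2])
    return recover_key(pub, h, sig, ops)


def demo(seed=1, n_sigs=200):
    """Generate a key, collect n_sigs timed signatures of constructed digests,
    and return (true private key, recovered private key)."""
    rng = random.Random(seed)
    d = rng.randrange(1, N)
    pub = leaky_mul(d, G)[0]
    obs = []
    for _ in range(n_sigs):
        h = rng.randrange(1, N)             # constructed stand-in for a digest mod N
        sig, ops = sign(d, h, rng)
        obs.append((h, sig, ops))
    return d, attack(pub, obs)
```

Running `demo()` returns the same value twice: the private key and the key the attacker recovered from the cheapest signature alone. The point to take from it is the check a practitioner wants against their own signing path: if the cost of the nonce multiplication varies with the nonce, as it does in `leaky_mul`, the key is recoverable from enough timed signatures, and the only real remedy is a scalar multiplication whose operation sequence does not depend on the scalar.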
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2024-23342?
Available Upgrade Options
- No fixes available. Because the project treats side-channel resistance as out of scope, there is no fixed version to upgrade to; the mitigation is to move signing and ECDH with long-lived private keys to a constant-time implementation, keeping python-ecdsa at most for signature verification, which is unaffected.
Additional Resources
- https://github.com/tlsfuzzer/python-ecdsa
- https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md
- https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
- https://minerva.crocs.fi.muni.cz/
- https://nvd.nist.gov/vuln/detail/CVE-2024-23342
- https://osv.dev/vulnerability/GHSA-wj6h-64fc-37mp
- https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp
What are Similar Vulnerabilities to CVE-2024-23342?
Similar Vulnerabilities: CVE-2018-0734, CVE-2017-8932, CVE-2013-4482, CVE-2011-1945, CVE-2009-0876
