Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:CVE-2020-6829
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:CVE-2020-6829
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><2:3.26.2-1.1+deb9u2
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream nss
package.
See How to fix?
for Debian:9
relevant versions.
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active