Masu bincike daga Jami'ar. Masari
Sanannun ayyukan da tsarin harin da aka tsara ya shafa su ne OpenJDK/OracleJDK (CVE-2019-2894) da ɗakin karatu.
An riga an gyara matsalar a cikin sakewar libgcrypt 1.8.5 da wolfCrypt 4.1.0, sauran ayyukan ba su haifar da sabuntawa ba tukuna. Kuna iya bin diddigin gyara don rauni a cikin fakitin libgcrypt a cikin rabawa akan waɗannan shafuka:
Rashin lahani
libkcapi daga Linux kernel, Sodium da GnuTLS.
Matsalar tana faruwa ne ta hanyar ikon tantance ƙimar raƙuman raƙuman mutum ɗaya yayin haɓaka scalar a cikin ayyukan elliptical curve. Ana amfani da hanyoyin kai tsaye, kamar ƙididdige jinkiri na lissafin lissafi, don fitar da ɗan bayani. Harin yana buƙatar samun dama ga mai masaukin da aka samar da sa hannun dijital akansa (ba
Duk da ƙarancin girman yoyon, ga ECDSA gano ko da ƴan kaɗan ne tare da bayani game da vector farawa (babu ɗaya) ya isa a kai hari don dawo da maɓalli na sirri a jere. A cewar marubutan hanyar, don samun nasarar dawo da maɓalli, nazarin sa hannun dijital da yawa zuwa dubu da yawa da aka samar don saƙon da aka sani ga maharin ya isa. Misali, an yi nazarin sa hannun dijital dubu 90 ta amfani da secp256r1 elliptic curve don tantance maɓalli mai zaman kansa da aka yi amfani da shi akan katin wayo na Athena IDProtect bisa guntuwar Inside Secure AT11SC. Jimlar lokacin harin shine mintuna 30.
source: budenet.ru