4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-33851

GHSA ID

GHSA-3494-cfwf-56hw

EPSS Score

0.26845%

CWE

Published

4/28/2024

Updated

11/4/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-33851

CVE-2024-33851:
mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. (This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library.)

Paragon Initiative Enterprises hard-forked phpecc/phpecc and discovered the issue in the original code, then released v2.0.1 which fixes the vulnerability. The upstream code is no longer maintained and remains vulnerable for all versions.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-33851

GHSA ID

GHSA-3494-cfwf-56hw

EPSS Score

0.26845%

CWE

Published

4/28/2024

Updated

11/4/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
paragonie/ecc	composer	>= 0, < 2.0.1	2.0.1
mdanter/ecc	composer	<= 1.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from non-constant-time comparisons in point addition operations. The original implementation used conditional branches to check if points were identical (requiring doubling) or additive inverses (returning infinity), creating measurable timing differences. The paragonie/phpecc release notes explicitly reference fixing a branch-based timing leak in point addition, and their mitigation involved replacing the conditional logic with constant-time operations. While other functions (mul(), getDouble()) were mentioned in context of side-channel fixes, the CVE specifically identifies point addition as the vulnerable operation based on the pseudocode example and vulnerability description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

p*p***, *s us** in ***ll v*rsions** o* m**nt*r/***, *s w*ll *s p*r**oni*/*** ***or* *.*.*, **s * *r*n**-**s** timin* l**k in Point ***ition. (T*is *ompos*r p**k*** is *lso known *s p*p***/p*p*** on *it*u*, pr*viously known *s t** M*ty*s **nt*r *** li

Reasoning

T** vuln*r**ility st*ms *rom non-*onst*nt-tim* *omp*risons in point ***ition op*r*tions. T** ori*in*l impl*m*nt*tion us** *on*ition*l *r*n***s to ****k i* points w*r* i**nti**l (r*quirin* *ou*lin*) or ***itiv* inv*rs*s (r*turnin* in*inity), *r**tin*

4.3

Basic Information

Concerned about an active attack path?

CVE-2024-33851: mdanter/ecc affected by timing vulnerability in cryptographic side-channels

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-33851:
mdanter/ecc affected by timing vulnerability in cryptographic side-channels

Vulnerability Intelligence
Miggo AI