ALPINE-CVE-2020-12401

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2020-12401

Published: 08 Oct 2020, 14:15

Last modified:03 Dec 2025, 22:46

Vulnerability Summary

Overall Risk (default)

low

19/100

CVSS Score

4.7 MEDIUM

3.1 (osv_alpine)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Oct 2020, 14:15

Published

Vulnerability first disclosed

03 Dec 2025, 22:46

Last Modified

Vulnerability information updated

Description

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

CVSS Metrics

v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

alpine•nss
< 3.55-r0 | < 3.55-r0 | < 3.55-r0 | < 3.55-r0 | < 3.55-r0 | < 3.55-r0

References (1)

https://security.alpinelinux.org/vuln/CVE-2020-12401