A timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. Upstream Issue: https://github.com/weidai11/cryptopp/issues/1080
Created cryptopp tracking bugs for this issue: Affects: epel-all [bug 2020538] Affects: fedora-all [bug 2020537]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
FY Upstream as closed this as notabug https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996527355 As "key lengh value" isn't a sensible information as I understand.