Memory-Cache Vulnerability in LibreSSL by OpenBSD
CVE-2018-12434

4.7MEDIUM

Key Information:

Vendor
OpenBSD
Status
Libressl
Vendor
CVE Published:
15 June 2018

Summary

LibreSSL versions prior to 2.6.5 and 2.7.x prior to 2.7.4 are susceptible to a memory-cache side-channel attack that targets DSA and ECDSA signatures. This vulnerability, referred to as the Return Of the Hidden Number Problem (ROHNP), allows an attacker to potentially extract cryptographic keys by gaining access to either the local machine or a virtual machine hosted on the same physical hardware. Users of affected versions should implement immediate upgrades and take necessary precautions to safeguard their cryptographic operations.

References

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7...
x_refsource_MISC
https://www.nccgroup.trust/us/our-research/technical-advi...
x_refsource_MISC
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6...
x_refsource_MISC

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.