CVE-2018-12434

4.7MEDIUM

Key Information:

Vendor
OpenBSD
Status
Libressl
Vendor
CVE Published:
15 June 2018

Summary

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

References

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7...
x_refsource_MISC
https://www.nccgroup.trust/us/our-research/technical-advi...
x_refsource_MISC
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6...
x_refsource_MISC

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.