CVE-2018-12434

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-15 02:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-12434

Mitre link : CVE-2018-12434

CVE.ORG link : CVE-2018-12434


JSON object : View

Products Affected

openbsd

  • libressl
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor