ByteOS Network

CVE Vulnerability Details :

CVE-2018-0495

PUBLISHED

More Info Official Page

Assigner-debian

Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5

Published At-13 Jun, 2018 | 23:00

Updated At-05 Aug, 2024 | 03:28

▼CVE Numbering Authority (CNA)

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Affected Products

Vendor

n/a

Product

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3

Versions

Affected

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3

Problem Types

Type	CWE ID	Description
text	N/A	side-channel attack

References

Hyperlink	Resource
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=9010d1576e278a4274ad3f4aa15776c28f6ba965	x_refsource_MISC
http://www.securitytracker.com/id/1041144	vdb-entry x_refsource_SECTRACK
https://usn.ubuntu.com/3850-1/	vendor-advisory x_refsource_UBUNTU
http://www.securitytracker.com/id/1041147	vdb-entry x_refsource_SECTRACK
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/	x_refsource_MISC
https://usn.ubuntu.com/3689-1/	vendor-advisory x_refsource_UBUNTU
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html	x_refsource_MISC
https://usn.ubuntu.com/3689-2/	vendor-advisory x_refsource_UBUNTU
https://usn.ubuntu.com/3692-2/	vendor-advisory x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html	mailing-list x_refsource_MLIST
https://www.debian.org/security/2018/dsa-4231	vendor-advisory x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3505	vendor-advisory x_refsource_REDHAT
https://usn.ubuntu.com/3850-2/	vendor-advisory x_refsource_UBUNTU
https://usn.ubuntu.com/3692-1/	vendor-advisory x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3221	vendor-advisory x_refsource_REDHAT
https://dev.gnupg.org/T4011	x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1297	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1296	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1543	vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2237	vendor-advisory x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=9010d1576e278a4274ad3f4aa15776c28f6ba965	x_refsource_MISC x_transferred
http://www.securitytracker.com/id/1041144	vdb-entry x_refsource_SECTRACK x_transferred
https://usn.ubuntu.com/3850-1/	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.securitytracker.com/id/1041147	vdb-entry x_refsource_SECTRACK x_transferred
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/	x_refsource_MISC x_transferred
https://usn.ubuntu.com/3689-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html	x_refsource_MISC x_transferred
https://usn.ubuntu.com/3689-2/	vendor-advisory x_refsource_UBUNTU x_transferred
https://usn.ubuntu.com/3692-2/	vendor-advisory x_refsource_UBUNTU x_transferred
https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html	mailing-list x_refsource_MLIST x_transferred
https://www.debian.org/security/2018/dsa-4231	vendor-advisory x_refsource_DEBIAN x_transferred
https://access.redhat.com/errata/RHSA-2018:3505	vendor-advisory x_refsource_REDHAT x_transferred
https://usn.ubuntu.com/3850-2/	vendor-advisory x_refsource_UBUNTU x_transferred
https://usn.ubuntu.com/3692-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://access.redhat.com/errata/RHSA-2018:3221	vendor-advisory x_refsource_REDHAT x_transferred
https://dev.gnupg.org/T4011	x_refsource_MISC x_transferred
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC x_transferred
https://access.redhat.com/errata/RHSA-2019:1297	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2019:1296	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2019:1543	vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/errata/RHSA-2019:2237	vendor-advisory x_refsource_REDHAT x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References