← Back

CVE-2018-0495

nvd nist
Published: Jun 13, 2018Modified: Nov 21, 2024

JSON object

Loading...
4.7
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 / Impact: 3.6
Source: NVD

Description

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Affected (15)

Show all products
Gnupg: Libgcrypt · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Ansible Tower, Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Oracle: Traffic Director
Gnupg
1 product
Libgcrypt
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Redhat
4 products
Ansible Tower
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Oracle
1 product
Traffic Director
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Gnupg
Libgcrypt
Before 1.7.10
Libgcrypt
From 1.8.0 to 1.8.3
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 17.10
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 18.10
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Ansible Tower
Version 3.3
Enterprise Linux Desktop
Version 7.0
Enterprise Linux Server
Version 7.0
Enterprise Linux Workstation
Version 7.0
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Traffic Director
Version 11.1.1.9.0

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (42)

Source: security@debian.org
Third Party AdvisoryVDB Entry
Source: security@debian.org
Third Party AdvisoryVDB Entry
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
PatchVendor Advisory
Source: security@debian.org
Source: security@debian.org
Mailing ListThird Party Advisory
Source: security@debian.org
Vendor Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
ExploitThird Party Advisory
Source: security@debian.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.