QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12434

Published: Jun 15, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt

x_refsource_MISC

https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

x_refsource_MISC

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.