QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12436

Published: Jun 15, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

x_refsource_MISC

https://www.wolfssl.com/wolfssh-and-rohnp/

x_refsource_MISC

https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.