ID CVE-2018-12436 Type cve Reporter cve@mitre.org Modified 2018-08-06T16:55:00
Description
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
{"lastseen": "2020-09-21T14:28:56", "references": ["https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca", "https://www.wolfssl.com/wolfssh-and-rohnp/", "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"], "scheme": null, "description": "wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", "edition": 2, "reporter": "cve@mitre.org", "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 3.6}, "published": "2018-06-15T02:29:00", "title": "CVE-2018-12436", "type": "cve", "enchantments": {"dependencies": {"references": [], "modified": "2020-09-21T14:28:56", "rev": 2}, "score": {"value": 2.3, "vector": "NONE", "modified": "2020-09-21T14:28:56", "rev": 2}, "vulnersScore": 2.3}, "cwe": ["CWE-200"], "bulletinFamily": "NVD", "affectedSoftware": [{"cpeName": "wolfssl:wolfssl", "name": "wolfssl", "operator": "lt", "version": "3.15.3"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvelist": ["CVE-2018-12436"], "modified": "2018-08-06T16:55:00", "cpe": [], "id": "CVE-2018-12436", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12436", "viewCount": 2, "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}
