Home

CVE-2018-0495

Description

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Risk Information

Base Score
4.7
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.252

Associated Vulnerability

VulnerabilityOS Platform
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.debLinux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.debLinux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.debLinux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt11_1.5.3-2ubuntu4.6_i386.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt11_1.5.3-2ubuntu4.6_amd64.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt20_1.6.5-2ubuntu0.5_i386.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt20_1.6.5-2ubuntu0.5_amd64.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt20_1.7.8-2ubuntu1.1_i386.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt20_1.7.8-2ubuntu1.1_amd64.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt20_1.8.1-4ubuntu1.1_i386.debLinux
LGPL Crypto library (USN-3689-1) libgcrypt20_1.8.1-4ubuntu1.1_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.1_1.1.0g-2ubuntu4.1_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.1_1.1.0g-2ubuntu4.1_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2n-1ubuntu5.1_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2n-1ubuntu5.1_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.1f-1ubuntu2.26_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.1f-1ubuntu2.26_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu13.6_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu13.6_amd64.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu4.13_i386.debLinux
Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu4.13_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.35-2ubuntu2.1_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.35-2ubuntu2.1_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.36.1-1ubuntu1.1_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.36.1-1ubuntu1.1_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.debLinux
libgcrypt20 security update(DSA-3959-1) libgcrypt20_1.7.6-2+deb9u3_i386.debLinux
libgcrypt20 security update(DSA-4231-1) libgcrypt20_1.7.6-2+deb9u3_i386.debLinux
libgcrypt20 security update(DSA-4231-1) libgcrypt20_1.7.6-2+deb9u3_amd64.debLinux
SUSE-SU-2018:2089-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt-debugsource-1.6.1-16.55.1.x86_64.rpmLinux
SUSE-SU-2018:2089-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-1.6.1-16.55.1.x86_64.rpmLinux
SUSE-SU-2018:2089-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-32bit-1.6.1-16.55.1.x86_64.rpmLinux
SUSE-SU-2018:2089-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-debuginfo-1.6.1-16.55.1.x86_64.rpmLinux
SUSE-SU-2018:2089-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-debuginfo-32bit-1.6.1-16.55.1.x86_64.rpmLinux
SUSE-SU-2018:2089-1(SUSE Linux Enterprise Server 12-SP3 ) libgcrypt20-hmac-1.6.1-16.55.1.x86_64.rpmLinux
SUSE-SU-2018:2089-1(SUSE Linux Enterprise Server 12-SP3 ) libgcrypt20-hmac-32bit-1.6.1-16.55.1.x86_64.rpmLinux
SUSE-SU-2018:2452-2(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt-debugsource-1.6.1-16.62.1.x86_64.rpmLinux
SUSE-SU-2018:2452-2(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-1.6.1-16.62.1.x86_64.rpmLinux
SUSE-SU-2018:2452-2(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-32bit-1.6.1-16.62.1.x86_64.rpmLinux
SUSE-SU-2018:2452-2(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-debuginfo-1.6.1-16.62.1.x86_64.rpmLinux
SUSE-SU-2018:2452-2(SUSE Linux Enterprise Desktop 12-SP3 ) libgcrypt20-debuginfo-32bit-1.6.1-16.62.1.x86_64.rpmLinux
SUSE-SU-2018:2452-2(SUSE Linux Enterprise Server 12-SP3 ) libgcrypt20-hmac-1.6.1-16.62.1.x86_64.rpmLinux
SUSE-SU-2018:2452-2(SUSE Linux Enterprise Server 12-SP3 ) libgcrypt20-hmac-32bit-1.6.1-16.62.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Server 12-SP3 ) libfreebl3-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Server 12-SP3 ) libfreebl3-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libfreebl3-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libfreebl3-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-32bit-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-debuginfo-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-debuginfo-32bit-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-debugsource-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-debugsource-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-tools-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-tools-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-60.4.0esr-109.55.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-60.4.0esr-109.55.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-60.4.0esr-109.55.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-60.4.0esr-109.55.1.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpmLinux
(RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpmLinux
(CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpmLinux
Observable Discrepancy Vulnerability (CVE-2018-0495)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234