PT-2018-11169 · Cryptolib · Cryptolib

Published: 2018-06-15 · Updated: 2024-08-05 · CVE-2018-12433

CVSS v3.1: 4.9 (Medium)

Vector: AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

cryptlib versions 3.4.4 and earlier

Description

The issue allows a memory-cache side-channel attack on DSA and ECDSA signatures, also known as the Return Of the Hidden Number Problem (ROHNP). To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. The vendor does not include side-channel attacks within its threat model.

Recommendations

For versions 3.4.4 and earlier, as a temporary workaround, consider restricting access to sensitive operations that rely on DSA and ECDSA signatures until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-12433

Affected Products

Cryptolib