PT-2018-11170 · Openssl Project The Openbsd+2 · Libressl+2

Keegan Ryan

Published

2018-06-14

Updated

2024-06-15

CVE-2018-12434

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions LibreSSL versions prior to 2.6.5 LibreSSL versions 2.7.x prior to 2.7.4

Description The issue allows for a memory-cache side-channel attack on DSA and ECDSA signatures. This is also known as the Return Of the Hidden Number Problem or ROHNP. To exploit this, an attacker would need access to either the local machine or a different virtual machine on the same physical host.

Recommendations For LibreSSL versions prior to 2.6.5, update to version 2.6.5 or later. For LibreSSL versions 2.7.x prior to 2.7.4, update to version 2.7.4 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2018-2116

CVE-2018-12434

OPENSUSE-SU-2018_2592-1

OPENSUSE-SU-2018_2597-1

OPENSUSE-SU-2024:10985-1

Affected Products

Alt Linux

Libressl

Suse

PT-2018-11170 · Openssl Project The Openbsd+2 · Libressl+2

CVE-2018-12434

Weakness Enumeration

Related Identifiers

Affected Products

References · 19