CVE-2018-0495

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-0495
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-0495.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-0495
Downstream
Related
Published
2018-06-13T23:29:00.333Z
Modified
2026-02-03T06:58:34.637122Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

References

Affected packages

Git / git.gnupg.org/libgcrypt.git

Affected ranges

Type
GIT
Repo
git://git.gnupg.org/libgcrypt.git
Events
Introduced
850aca744eeda5fd410f478a0778e353045ac962
Fixed
5600d2d6b23640b0114655214f18959ee81fe58e
Fixed
ff8f7e53ce6b8a5681667595c6287323652ae157

Affected versions

libgcrypt-1.*
libgcrypt-1.8.0
libgcrypt-1.8.1
libgcrypt-1.8.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-0495.json"