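Botan versions from 2.5.0 up to, but not including, 2.7.0 (that is, 2.5.0 through 2.6.0) allow a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ecgroup/ecgroup.cpp, and ecdsa/ecdsa.cpp (these appear in the signature targets below as src/lib/pubkey/dsa/dsa.cpp, src/lib/pubkey/ec_group/ec_group.cpp, and src/lib/pubkey/ecdsa/ecdsa.cpp). To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.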
[
{
"digest": {
"function_hash": "261985192864557951179366783624112967952",
"length": 663.0
},
"id": "CVE-2018-12435-21464756",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ECDSA_PrivateKey::create_signature_op",
"file": "src/lib/pubkey/ecdsa/ecdsa.cpp"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"63828530500390897972952605470238977680",
"130954137610249659964909327655818924104",
"98899827306131857240629111382491570928",
"46555479556794535636512914427178128347"
],
"threshold": 0.9
},
"id": "CVE-2018-12435-32ec78bd",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/lib/pubkey/ec_group/ec_group.h"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "116489003691662140703510699805228708988",
"length": 286.0
},
"id": "CVE-2018-12435-855ebd5c",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "DSA_Signature_Operation",
"file": "src/lib/pubkey/dsa/dsa.cpp"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "3399799292250126605969172132655122568",
"length": 273.0
},
"id": "CVE-2018-12435-8c9b5d7a",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "DSA_PrivateKey::create_signature_op",
"file": "src/lib/pubkey/dsa/dsa.cpp"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"58116616507220994030954543283225305523",
"316877514269246862307555987479482658380",
"99706929009285918834624719812441087873",
"60889434164782433467640484127008347425",
"235795614162171330045041383267393358399",
"120768540065374326465360416490733587691",
"289415284268650549993377012184630595033",
"36736474228036832899700978010563621528",
"67579379841310141324077789200576498286",
"310327596523773454557726581052870464512",
"289425440031583088335974862716407744277",
"78662121448232185978659974044797138532",
"318497309749219608569273810930971471954",
"144871538586925749042004472031615538241",
"133519305278163883125221001094422901652",
"249200567800951566455368704228333308765",
"135495140789542942383235696952361142098",
"250615647035737521405670020263267688698",
"38257840139910356742885558135864034268",
"196810059693556686009377993678732151992",
"152874379878577221711871331541331475465",
"242235579273781885659532065790195317333",
"157314523651064575885921131364784557482",
"159876017856896778076160371390576590958",
"317390112773543421794634554602495061156",
"106274490495764670947784339046932691600",
"89273824603746185329131111119244197583",
"309323364834291745563480546572010306687",
"62005211866501164317533488031328590371",
"131604445823543842219833496908349025508",
"51092064454504563089266752684717672302",
"10768170693892644057806032779199193708",
"291051318504851075837738637200806493301",
"48389435320338499875022048596164639776",
"281659665703658907240689644757519716265",
"208753322893278073322597818654735007471",
"133164688011456378322426218431051941110",
"134715158528733863062561740893849043930",
"190768789872254698226971037046337598976",
"281549896157896210095350885623995704621"
],
"threshold": 0.9
},
"id": "CVE-2018-12435-90fcf6aa",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/lib/pubkey/dsa/dsa.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "127263449853484584773285695767151172675",
"length": 829.0
},
"id": "CVE-2018-12435-b8733411",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ECDSA_Verification_Operation::verify",
"file": "src/lib/pubkey/ecdsa/ecdsa.cpp"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "84344271081638037005691481226978889150",
"length": 884.0
},
"id": "CVE-2018-12435-bb8ce6e2",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ECDSA_Signature_Operation::raw_sign",
"file": "src/lib/pubkey/ecdsa/ecdsa.cpp"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"315743981437250505163503778592770908028",
"126783037389324835124105989919401738399",
"302740495076748089741141615876563730193",
"331236944455629937883219668108065210107",
"235795614162171330045041383267393358399",
"120768540065374326465360416490733587691",
"217359487354171375679935519542255576872",
"217501541830438322197270815759221877066",
"47124445256170967542374623412091330060",
"313846786735459695202203916984049590021",
"215399389004292900415495018983334641653",
"56350981011842313717264725443342177479",
"100232880738072132239168476714177976748",
"279992773369705345956024546072535893993",
"194509947045550171351705125801070130579",
"16709723243215243532809362461847522312",
"196682154889572264439482329554534506295",
"253528706781332042353274758319169375205",
"131012866440815110266832139684942383823",
"72018434113107124752234443329852601174",
"333056704355584279089617190996009005107",
"258844438711545744562016697188096791231",
"336987423074973974185727460440045761105",
"191688794765501186854126915137866673342",
"192793341455637854084812152843000897634",
"118196248245792535972252975730639787184",
"5109338441607321666265272489405208789",
"193595905628364954487391636736713915960",
"40120651780351108792909011466894279899",
"312492671156056458002197808127281191741",
"96087956618669926029239496875984570706",
"193769874352507449330633891940171551249"
],
"threshold": 0.9
},
"id": "CVE-2018-12435-dc16d8f7",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/lib/pubkey/ecdsa/ecdsa.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "117641418661810717215976480624615513227",
"length": 791.0
},
"id": "CVE-2018-12435-e6f145b1",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "DSA_Signature_Operation::raw_sign",
"file": "src/lib/pubkey/dsa/dsa.cpp"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "110059123667899556177216095087993916728",
"length": 257.0
},
"id": "CVE-2018-12435-ea7ac544",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ECDSA_Signature_Operation",
"file": "src/lib/pubkey/ecdsa/ecdsa.cpp"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"161606265205828887214017329829783420311",
"61256020933457532316066260018496851745",
"160524405502228939962251308489367427530",
"47869368716945977278493640492660826945",
"189414984540345685411319306281866718206",
"40834027883358122647950287600361759580",
"335271360044963990587288444834337871359",
"103116656860098126554705193781848549358",
"267188199683816881833391010104932965087",
"91587662802532390434463329879870425105",
"58105442112537801033336253770812042294",
"188115449220580972186498864190045174804",
"69916288945087236037344626226909942009",
"62045678519699028950123175983298503349"
],
"threshold": 0.9
},
"id": "CVE-2018-12435-f5a0d53f",
"source": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/lib/pubkey/ec_group/ec_group.cpp"
},
"signature_type": "Line"
}
]