Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1.9
CVSSv2

CVE-2018-12436

Published: 15/06/2018 Updated: 06/08/2018
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

wolfcrypt/src/ecc.c in wolfSSL prior to 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vulnerable Product Search on Vulmon Subscribe to Product

wolfssl wolfssl

Vendor Advisories

Debian CVElist Bug Report Logs: wolfssl: CVE-2018-12436
Debian Bug report logs - #901627 wolfssl: CVE-2018-12436 Package: src:wolfssl; Maintainer for src:wolfssl is Felix Lechner <felixlechner@lease-upcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 15 Jun 2018 19:27:02 UTC Severity: grave Tags: security, upstream Found in version wolfssl/3130+d ...

References

CWE-200https://www.wolfssl.com/wolfssh-and-rohnp/https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5cahttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901627https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710arbitrary CVE-2024-5272CVE-2024-2961brute forceremoteCVE-2024-32944CVE-2024-36241CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook