CVE-2018-0495 — MEDIUM (4.7)

Q: How severe is CVE-2018-0495?

CVE-2018-0495 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-0495?

Check the references section above for vendor advisories and patch information. Affected products include: Gnupg Libgcrypt, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Ansible Tower, Redhat Enterprise Linux Desktop.

Vulnerability Description

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

CVSS Score

4.7

MEDIUM

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnupg	Libgcrypt	< 1.7.10
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	8.0
Redhat	Ansible Tower	3.3
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0
Oracle	Traffic Director	11.1.1.9.0

Related Weaknesses (CWE)

CWE-203

References

http://www.securitytracker.com/id/1041144Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041147Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:3221Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3505Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2019:2237
https://dev.gnupg.org/T4011PatchVendor Advisory
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=9010d157
https://lists.debian.org/debian-lts-announce/2018/06/msg00013.htmlMailing ListThird Party Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.htmlVendor Advisory
https://usn.ubuntu.com/3689-1/Third Party Advisory
https://usn.ubuntu.com/3689-2/Third Party Advisory
https://usn.ubuntu.com/3692-1/Third Party Advisory

FAQ

What is CVE-2018-0495?

CVE-2018-0495 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_e...

How severe is CVE-2018-0495?

CVE-2018-0495 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0495?

Check the references section above for vendor advisories and patch information. Affected products include: Gnupg Libgcrypt, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Ansible Tower, Redhat Enterprise Linux Desktop.