Vulnerability Description
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libtom | Libtomcrypt | <= 1.18.1 |
| Linaro | Op-Tee | <= 3.5.0 |
Related Weaknesses (CWE)
References
- https://security.gentoo.org/glsa/202007-53Third Party Advisory
- https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hiddExploitTechnical DescriptionThird Party Advisory
- https://security.gentoo.org/glsa/202007-53Third Party Advisory
- https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hiddExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2018-12437?
CVE-2018-12437 is a vulnerability with a CVSS score of 4.9 (MEDIUM). LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to e...
How severe is CVE-2018-12437?
CVE-2018-12437 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-12437?
Check the references section above for vendor advisories and patch information. Affected products include: Libtom Libtomcrypt, Linaro Op-Tee.