CVE-2018-0495
Published: 13 June 2018
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libgcrypt11 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Released
(1.5.3-2ubuntu4.6)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
libgcrypt20 Launchpad, Ubuntu, Debian |
artful |
Released
(1.7.8-2ubuntu1.1)
|
| bionic |
Released
(1.8.1-4ubuntu1.1)
|
|
| cosmic |
Released
(1.8.3-1ubuntu1)
|
|
| disco |
Released
(1.8.3-1ubuntu1)
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(1.7.10,1.8.3)
|
|
| xenial |
Released
(1.6.5-2ubuntu0.5)
|
|
|
Patches: upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965 |
||
|
nss Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Released
(2:3.35-2ubuntu2.1)
|
|
| cosmic |
Released
(2:3.36.1-1ubuntu1.1)
|
|
| disco |
Not vulnerable
(2:3.39-1ubuntu1)
|
|
| trusty |
Released
(2:3.28.4-0ubuntu0.14.04.4)
|
|
| upstream |
Released
(3.38)
|
|
| xenial |
Released
(2:3.28.4-0ubuntu0.16.04.4)
|
|
|
Patches: upstream: https://hg.mozilla.org/projects/nss/rev/ca18ca4ba00d |
||
|
openssl Launchpad, Ubuntu, Debian |
artful |
Released
(1.0.2g-1ubuntu13.6)
|
| bionic |
Released
(1.1.0g-2ubuntu4.1)
|
|
| cosmic |
Released
(1.1.0g-2ubuntu5)
|
|
| disco |
Released
(1.1.0g-2ubuntu5)
|
|
| trusty |
Released
(1.0.1f-1ubuntu2.26)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(1.0.2g-1ubuntu4.13)
|
|
|
Patches: upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=949ff36623eafc3523a9f91784992965018ffb05 (1.0.2) upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=0c27d793745c7837b13646302b6890a556b7017a (1.1) |
||
|
openssl098 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
(trusty was needs-triage)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
openssl1.0 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Released
(1.0.2n-1ubuntu5.1)
|
|
| cosmic |
Released
(1.0.2n-1ubuntu6)
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.7 |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
- https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
- https://ubuntu.com/security/notices/USN-3689-1
- https://ubuntu.com/security/notices/USN-3689-2
- https://ubuntu.com/security/notices/USN-3692-1
- https://ubuntu.com/security/notices/USN-3692-2
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes
- https://ubuntu.com/security/notices/USN-3850-1
- https://ubuntu.com/security/notices/USN-3850-2
- NVD
- Launchpad
- Debian