1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
33.2%
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache
side-channel attack on ECDSA signatures that can be mitigated through the
use of blinding during the signing process in the _gcry_ecc_ecdsa_sign
function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem
or ROHNP. To discover an ECDSA key, the attacker needs access to either the
local machine or a different virtual machine on the same physical host.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | libgcrypt11 | < 1.5.3-2ubuntu4.6 | UNKNOWN |
ubuntu | 17.10 | noarch | libgcrypt20 | < 1.7.8-2ubuntu1.1 | UNKNOWN |
ubuntu | 18.04 | noarch | libgcrypt20 | < 1.8.1-4ubuntu1.1 | UNKNOWN |
ubuntu | 18.10 | noarch | libgcrypt20 | < 1.8.3-1ubuntu1 | UNKNOWN |
ubuntu | 19.04 | noarch | libgcrypt20 | < 1.8.3-1ubuntu1 | UNKNOWN |
ubuntu | 16.04 | noarch | libgcrypt20 | < 1.6.5-2ubuntu0.5 | UNKNOWN |
ubuntu | 18.04 | noarch | nss | < 2:3.35-2ubuntu2.1 | UNKNOWN |
ubuntu | 18.10 | noarch | nss | < 2:3.36.1-1ubuntu1.1 | UNKNOWN |
ubuntu | 14.04 | noarch | nss | < 2:3.28.4-0ubuntu0.14.04.4 | UNKNOWN |
ubuntu | 16.04 | noarch | nss | < 2:3.28.4-0ubuntu0.16.04.4 | UNKNOWN |
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.38_release_notes
launchpad.net/bugs/cve/CVE-2018-0495
lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
nvd.nist.gov/vuln/detail/CVE-2018-0495
security-tracker.debian.org/tracker/CVE-2018-0495
ubuntu.com/security/notices/USN-3689-1
ubuntu.com/security/notices/USN-3689-2
ubuntu.com/security/notices/USN-3692-1
ubuntu.com/security/notices/USN-3692-2
ubuntu.com/security/notices/USN-3850-1
ubuntu.com/security/notices/USN-3850-2
www.cve.org/CVERecord?id=CVE-2018-0495
www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
33.2%