Skip to main content

Libgcrypt CVE-2018-0495

MEDIUM
Observable Discrepancy (CWE-203)
2018-06-13 security@debian.org
4.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 13, 2018 - 23:29 nvd
MEDIUM 4.7

DescriptionNVD

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

AnalysisAI

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-203. Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Affected products include: Gnupg Libgcrypt, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Ansible Tower, Redhat Enterprise Linux Desktop. Version information: before 1.7.10.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-6829 HIGH POC
7.5 Feb 07

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, whic

CVE-2021-40528 MEDIUM POC
5.9 Sep 06

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two c

CVE-2017-0379 HIGH
7.5 Aug 29

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers t

CVE-2021-3345 HIGH
7.8 Jan 29

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest

CVE-2021-33560 HIGH
7.5 Jun 08

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to addres

CVE-2026-41989 MEDIUM
6.7 Apr 23

Heap-based buffer overflow in Libgcrypt before 1.12.2 allows local attackers to trigger denial of service and corrupt me

CVE-2017-9526 MEDIUM
5.9 Jun 11

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signin

CVE-2016-6313 MEDIUM
5.3 Dec 13

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.

CVE-2019-12904 MEDIUM
5.9 Jun 20

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical

CVE-2014-5270 LOW
2.1 Oct 10

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciph

CVE-2015-7511 LOW
2.0 Apr 19

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it e

CVE-2013-4242 LOW
1.9 Aug 19

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users t

Share

CVE-2018-0495 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy