RSS   Vulnerabilities for 'Boringssl'   RSS

2018-06-14
 
CVE-2018-12440

CWE-200
 

 
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

 
 
CVE-2018-12438

CWE-320
 

 
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

 
 
CVE-2018-12437

CWE-320
 

 
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

 
 
CVE-2018-12433

CWE-320
 

 
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model.

 

 >>> Vendor: Google 95 Products
Cardboard
Toolbar
Chrome
Desktop
TALK
Mini search appliance
Search appliance
Api search
Earth
Web toolkit
Custom search engine
Calendar events
Picasa
KML
Android sdk
Google apps
Gears
Android browser
Android
V8
Google sketchup
Chrome os
App engine python sdk
Idapython
Cr-48 chromebook
Chr2000ome
Sketchup
Chrome2000
Chrom2000e
Bionic
Blink
Tunnelblick
Mod pagespeed
Email
Admob
Checkout-php
Cityhash
Android sdk tools
Chrome frame
Frame
Google authenticator
Authenticator
Glass
Android api
Search appliance software
Android debug bridge
Android sdk platform tools
Nexus 7
Play services sdk
Kubernetes
Android one
Sfntly
GRPC
Google i/o 2017
News and weather
Protobuf
Gmail
Boringssl
Santa
Chromecast firmware
Home firmware
Rendertron
Kubernetes engine
Guava
Tensorflow
Snappy
Nexus 7 firmware
Nexus 9 firmware
Voice builder
Cloud messaging notification
Nest cam iq indoor firmware
Fscrypt
Gizmo5
Closure library
Openthread
Chrome-launcher
Asylo
Go-tpm
Brotli
Gerrit
Flatbuffers
Secret manager provider for secret store csi driver
Slashify
Exposure notifications verification server
Bazel
Cloud iot device sdk for embedded c
Bindiff
Angle
Exposure notification verification server
Google-protobuf
Protobuf-java
Protobuf-kotlin
Fuchsia
Go-attestation
Oauth client library for java


Copyright 2024, cxsecurity.com

 

Back to Top