Vulnerability CVE-2018-12437

Published: 2018-06-14   Modified: 2018-06-15

Description:
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Type: CWE-320 (Key Management Errors)

Vendor: Libtom
Product: Libtomcrypt
Version: 1.18.1
Vendor: Botan project
Product: Botan
Vendor: Mozilla
Product: Network security services
Vendor: Gnupg
Product: Libgcrypt
Vendor: Openssl
Product: Openssl
Vendor: Libsunec project
Product: Libsunec
Vendor: Matrixssl
Product: Matrixssl
Vendor: Cryptlib
Product: Cryptlib
Vendor: Openbsd
Product: Libressl
Vendor: Google
Product: Boringssl
Vendor: Wolfssl
Product: Wolfcrypt

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 1.9/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/

Related CVEs
CVE-2014-2901
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
CVE-2014-2902
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
CVE-2014-2904
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
CVE-2019-18840
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfc...
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of si...
CVE-2019-16748
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
CVE-2019-15651
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
CVE-2019-11873
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of ...

Copyright 2019, cxsecurity.com
