Executive Summary

Informations
Name CVE-2018-12436 First vendor Publication 2018-06-14
Vendor Cve Last vendor Modification 2018-08-06

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score 4.7
Base Score 4.7 Environmental Score 4.7
impact SubScore 3.6 Temporal Score 4.7
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 1.9 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12436

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

Source Url
MISC https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f2...
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-h...
https://www.wolfssl.com/wolfssh-and-rohnp/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2021-05-04 13:08:09
  • Multiple Updates
2021-04-22 02:21:56
  • Multiple Updates
2020-05-23 02:10:48
  • Multiple Updates
2020-05-23 01:06:49
  • Multiple Updates
2019-05-17 12:09:26
  • Multiple Updates
2018-08-06 21:19:34
  • Multiple Updates
2018-06-15 09:19:17
  • First insertion