The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N | 0.5 | 4.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,CWE-320,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libsunec_project | libsunec | - |