MidnightBSD

Advisories for libsunec_project

CVE-2018-12438 LOW

The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 0.5 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-320,

Products Affected

Vendor Product Version
libsunec_project libsunec -