Vulnerabilities > CVE-2018-12438 - Key Management Errors vulnerability in Libsunec Project Libsunec

CVSS 4.9 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

high complexity

libsunec-project

CWE-320

NVD

Published: 2018-06-15

Updated: 2024-11-21

Summary

The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vulnerable Configurations

Part	Description	Count
Application	Libsunec_Project Libsunec Project Libsunec -	1

Common Weakness Enumeration (CWE)

CWE-320 - Key Management Errors

References

https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/