Main Vulnerability Database Exploits ID:2296 - Exploit for Memory-cache side-channel attack in Libgcrypt - CVE-2018-0495

ID:2296 - Exploit for Memory-cache side-channel attack in Libgcrypt - CVE-2018-0495

Published: April 7, 2020

Vulnerability identifier: #VU13370

Vulnerability risk: Low

CVE-ID: CVE-2018-0495

CWE-ID: CWE-200

Exploitation vector: Local access

Vulnerable software:
Libgcrypt

Link to public exploit:

https://github.com/gottburgm/Exploits

Vulnerability description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks.

Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.

Remediation

Update to version 1.7.10, 1.8.3.

ID:2296 - Exploit for Memory-cache side-channel attack in Libgcrypt - CVE-2018-0495

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human