CVE-2018-12439: Infoleak
First published: Fri Jun 15 2018(Updated: )
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Matrixssl Matrixssl | <=3.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-12439?
CVE-2018-12439 is considered a high severity vulnerability due to its potential to expose ECDSA keys.
How do I fix CVE-2018-12439?
To fix CVE-2018-12439, upgrade MatrixSSL to a version greater than 3.9.5.
What type of attack is associated with CVE-2018-12439?
CVE-2018-12439 is associated with a memory-cache side-channel attack on ECDSA signatures.
What are the implications of exploiting CVE-2018-12439?
Exploiting CVE-2018-12439 can allow an attacker to discover ECDSA keys, compromising cryptographic security.
Who is affected by CVE-2018-12439?
Users of MatrixSSL versions up to and including 3.9.5 are affected by CVE-2018-12439.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/matrixssl
- canonical/matrixssl matrixssl
- version/matrixssl matrixssl/3.9.5