CVE-2018-12439: Infoleak
Published Jun 15, 2018
·Updated
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Affected Software
1 affected component
MatrixSSL MatrixSSL<=3.9.5
Event History
Jun 15, 2018
CVE Published
via MITRE·02:00 AM
Data Sourced
via MITRE·02:00 AM
Description
Frequently Asked Questions
1
What is the severity of CVE-2018-12439?
CVE-2018-12439 is considered a high severity vulnerability due to its potential to expose ECDSA keys.
2
How do I fix CVE-2018-12439?
To fix CVE-2018-12439, upgrade MatrixSSL to a version greater than 3.9.5.
3
What type of attack is associated with CVE-2018-12439?
CVE-2018-12439 is associated with a memory-cache side-channel attack on ECDSA signatures.
4
What are the implications of exploiting CVE-2018-12439?
Exploiting CVE-2018-12439 can allow an attacker to discover ECDSA keys, compromising cryptographic security.
5
Who is affected by CVE-2018-12439?
Users of MatrixSSL versions up to and including 3.9.5 are affected by CVE-2018-12439.