alpine · CVE-2018-12434

Quick triage

Priority: medium Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2018-12434: 1 source package rows (libressl); 2 state rows across 2 repos (3.22-community, edge-community); fixed 0, open 2.

Description:

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

cvelogic Threat Intelligence