suse · CVE-2018-0495

Quick triage

Priority: medium Published: 2021-05-30 14:06:35 UTC Updated: 2026-04-17 15:45:01 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-0495 severity moderate: SUSE including 599 source package names (0.9.1:libgcrypt20-1.6.1-16.62.1, 1.0.0.1862.1.5.2:libfreebl3-3.40.1-3.7.2, …), 1484 product×package rows across 360 product lines (Container bci/bci-sle15-kernel-module-devel, Container bci/kiwi, … (360 product lines)): Fixed 1282, Known Affected 157, Known Not Affected 43, Will Not Fix 2.

Description:

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

cvelogic Threat Intelligence