Medium severity4.9NVD Advisory· Published Jun 15, 2018· Updated Jun 17, 2026

CVE-2018-12433

Description

cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model

Affected products

Fdik/Cryptlibinferred
Range: <=3.4.4
Cryptlib/cryptlibllm-create
Range: <=3.4.4

Patches

Vulnerability mechanics

References

www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/nvdExploitTechnical DescriptionThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.319
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000