CVE-2018-0495
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-0495
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0495.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-0495
- Related
- Published
- 2018-06-13T23:29:00Z
- Modified
- 2024-09-18T02:55:52.139339Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
- References
-
- http://www.securitytracker.com/id/1041144
- http://www.securitytracker.com/id/1041147
- https://access.redhat.com/errata/RHSA-2018:3221
- https://access.redhat.com/errata/RHSA-2018:3505
- https://access.redhat.com/errata/RHSA-2019:1296
- https://access.redhat.com/errata/RHSA-2019:1297
- https://access.redhat.com/errata/RHSA-2019:1543
- https://access.redhat.com/errata/RHSA-2019:2237
- https://dev.gnupg.org/T4011
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
- https://www.debian.org/security/2018/dsa-4231
- https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=9010d1576e278a4274ad3f4aa15776c28f6ba965
- https://usn.ubuntu.com/3689-1/
- https://usn.ubuntu.com/3689-2/
- https://usn.ubuntu.com/3692-1/
- https://usn.ubuntu.com/3692-2/
- https://usn.ubuntu.com/3850-1/
- https://usn.ubuntu.com/3850-2/
- https://security.alpinelinux.org/vuln/CVE-2018-0495
- https://security-tracker.debian.org/tracker/CVE-2018-0495
Affected packages
Alpine:v3.10 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.10 / libressl
Package
- Name
- libressl
- Purl
- pkg:apk/alpine/libressl?arch=source
Alpine:v3.11 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.11 / libressl
Package
- Name
- libressl
- Purl
- pkg:apk/alpine/libressl?arch=source
Alpine:v3.12 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.12 / libressl
Package
- Name
- libressl
- Purl
- pkg:apk/alpine/libressl?arch=source
Alpine:v3.13 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.13 / libressl
Package
- Name
- libressl
- Purl
- pkg:apk/alpine/libressl?arch=source
Alpine:v3.14 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.15 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.16 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.17 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.18 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.19 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.20 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.5 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Alpine:v3.6 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Alpine:v3.7 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
Alpine:v3.7 / libressl
Package
- Name
- libressl
- Purl
- pkg:apk/alpine/libressl?arch=source
Alpine:v3.8 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.8 / libressl
Package
- Name
- libressl
- Purl
- pkg:apk/alpine/libressl?arch=source
Alpine:v3.9 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- pkg:apk/alpine/libgcrypt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.3-r0
Affected versions
1.*
1.4.3-r0
1.4.4-r0
1.4.4-r1
1.4.5-r0
1.4.5-r1
1.4.5-r2
1.4.6-r0
1.4.6-r1
1.4.6-r2
1.5.0-r0
1.5.1-r0
1.5.2-r0
1.5.3-r0
1.6.0-r0
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.3-r0
1.7.5-r0
1.7.6-r0
1.7.7-r0
1.7.8-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.2-r0
Alpine:v3.9 / libressl
Package
- Name
- libressl
- Purl
- pkg:apk/alpine/libressl?arch=source
Debian:11 / libgcrypt20
Package
- Name
- libgcrypt20
- Purl
- pkg:deb/debian/libgcrypt20?arch=source
Debian:12 / libgcrypt20
Package
- Name
- libgcrypt20
- Purl
- pkg:deb/debian/libgcrypt20?arch=source
Debian:13 / libgcrypt20
Package
- Name
- libgcrypt20
- Purl
- pkg:deb/debian/libgcrypt20?arch=source
Git / git.gnupg.org/libgcrypt.git
Affected ranges
- Type
- GIT
- Repo
- git://git.gnupg.org/libgcrypt.git
- Events
- Type
- GIT
- Repo
- https://github.com/gpg/libgcrypt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws
libgcrypt-1.*
libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.6.0
libgcrypt-1.7.0
libgcrypt-1.7.1
libgcrypt-1.7.2
libgcrypt-1.7.3
libgcrypt-1.7.4
libgcrypt-1.7.5
libgcrypt-1.7.6
libgcrypt-1.7.7
libgcrypt-1.7.8
libgcrypt-1.7.9
libgcrypt-1.8.0
libgcrypt-1.8.1
libgcrypt-1.8.2