Upstream information
Description
cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat modelSUSE information
Overall state of this security issue: Does not affect SUSE products
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 1.9 |
| Vector | AV:L/AC:M/Au:N/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
| CVSS detail | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 4.9 | 4.9 |
| Vector | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| Attack Vector | Physical | Physical |
| Attack Complexity | High | High |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Changed | Changed |
| Confidentiality Impact | High | High |
| Integrity Impact | None | None |
| Availability Impact | None | None |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Timeline for this CVE
CVE page created: Mon Jul 30 10:15:56 2018CVE page last modified: Mon Oct 6 19:17:01 2025