Описание
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.5 (исключая)
Одно из
cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:2.7.3:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.0015
Низкий
4.7 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 4.7
debian
больше 7 лет назад
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache sid ...
CVSS3: 4.7
github
больше 3 лет назад
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
EPSS
Процентиль: 36%
0.0015
Низкий
4.7 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-200