Product:

Boringssl

(Google)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2018-06-15 CVE-2018-12437 LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Botan, Cryptlib, Libgcrypt, Boringssl, Libsunec, Libtomcrypt, Matrixssl, Network_security_services, Libressl, Openssl, Wolfcrypt 4.9
2018-06-15 CVE-2018-12440 BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Boringssl 4.7
2018-06-15 CVE-2018-12438 The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Botan, Cryptlib, Libgcrypt, Boringssl, Libsunec, Libtomcrypt, Matrixssl, Network_security_services, Libressl, Openssl, Wolfcrypt 4.9
2018-06-15 CVE-2018-12433 ** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model. Botan, Cryptlib, Libgcrypt, Boringssl, Libsunec, Libtomcrypt, Matrixssl, Network_security_services, Libressl, Openssl, Wolfcrypt 4.9