Fluid Attacks Database

Description

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libtomcrypt	>=0 <1.18.2-1	1.18.2-1
debian 13	libtomcrypt	>=0 <1.18.2-1	1.18.2-1
debian 12	libtomcrypt	>=0 <1.18.2-1	1.18.2-1
debian 11	libtomcrypt	>=0 <1.18.2-1	1.18.2-1

Aliases

1. CVE-2018-124372. NVD-2018-124373. OSV-DEBIAN-2018-124374. OSV-2018-124375. SECURITY-TRACKER-CVE-2018-12437

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.