VDB

ALPINE-CVE-2018-0495

ALPINE-CVE-2018-0495 PUBLISHED CVSS 4.699999809265137 MEDIUM

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Risk Scores

CVSS v3.0
4.699999809265137
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Alpine:v3.9libgcrypt1.8.2-r0, 1.8.1-r0, 1.8.0-r1
Alpine:v3.11libgcrypt1.4.4-r0, 1.4.3-r0, 0
Alpine:v3.16libgcrypt1.4.5-r1, 1.4.6-r0, 1.4.6-r1
Alpine:v3.18libgcrypt1.7.8-r0, 0, 1.4.3-r0
Alpine:v3.6libgcrypt1.6.1-r1, 1.6.2-r0, 1.6.3-r0
Alpine:v3.8libressl2.4.5-r0, 2.4.2-r0, 0
Alpine:v3.22libgcrypt1.8.2-r0, 0, 1.4.4-r0
Alpine:v3.20libgcrypt1.6.4-r0, 1.8.2-r0, 1.8.1-r0
Alpine:v3.8libgcrypt1.4.6-r0, 1.4.5-r0, 1.4.4-r1
Alpine:v3.12libressl2.4.3-r2, 2.5.5-r2, 2.4.4-r0
Alpine:v3.11libressl2.4.4-r0, 2.7.3-r1, 2.7.3-r0
Alpine:v3.7libressl2.6.3-r0, 2.6.4-r2, 2.6.4-r1
Alpine:v3.21libgcrypt1.7.1-r0, 0, 1.4.3-r0
Alpine:v3.23libgcrypt1.8.0-r1, 1.8.2-r0, 1.8.1-r0
Alpine:v3.10libgcrypt1.8.0-r0, 1.6.1-r0, 1.6.1-r1
Alpine:v3.17libgcrypt1.7.0-r0, 1.6.4-r0, 1.6.5-r0
Alpine:v3.12libgcrypt1.6.2-r0, 0, 1.4.3-r0
Alpine:v3.14libgcrypt1.4.5-r0, 1.6.2-r0, 1.6.1-r1
Alpine:v3.15libgcrypt1.7.6-r0, 0, 1.4.3-r0
Alpine:v3.5libgcrypt1.5.2-r0, 1.7.9-r0, 1.7.8-r0

…and 6 more

Timeline

  • Jun 13, 2018 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›