Cryptlib

stack.watch can email you when security vulnerabilities are reported in Cryptlib. You can add multiple products that you use with Cryptlib to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in Cryptlib . Cryptlib did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	3	4.90

It may take a day or so for new Cryptlib vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Cryptlib Security Vulnerabilities

DISPUTED cryptlib through 3.4.4

CVE-2018-12433 4.9 - Medium - June 15, 2018

** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model.

CVE-2018-12433 can be explotited with physical access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 0.5 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Key Management Errors

The Elliptic Curve Cryptography library (aka sunec or libsunec)

CVE-2018-12438 4.9 - Medium - June 15, 2018

The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

CVE-2018-12438 is exploitable with physical access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 0.5 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Key Management Errors

LibTomCrypt through 1.18.1

CVE-2018-12437 4.9 - Medium - June 15, 2018

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

CVE-2018-12437 can be explotited with physical access, and does not require authorization privledges or user interaction. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 0.5 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Key Management Errors

Cryptlib

By the Year

Latest Cryptlib Security Vulnerabilities

** DISPUTED ** cryptlib through 3.4.4 CVE-2018-12433 4.9 - Medium - June 15, 2018

The Elliptic Curve Cryptography library (aka sunec or libsunec) CVE-2018-12438 4.9 - Medium - June 15, 2018

LibTomCrypt through 1.18.1 CVE-2018-12437 4.9 - Medium - June 15, 2018

DISPUTED cryptlib through 3.4.4

CVE-2018-12433 4.9 - Medium - June 15, 2018

The Elliptic Curve Cryptography library (aka sunec or libsunec)

CVE-2018-12438 4.9 - Medium - June 15, 2018

LibTomCrypt through 1.18.1

CVE-2018-12437 4.9 - Medium - June 15, 2018