{"id":"CVE-2018-12435","details":"Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.","modified":"2026-07-08T14:14:11.510588Z","published":"2018-06-15T02:29:00.377Z","related":["openSUSE-SU-2024:10594-1"],"references":[{"type":"ADVISORY","url":"https://botan.randombit.net/security.html"},{"type":"FIX","url":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3"},{"type":"EVIDENCE","url":"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/randombit/botan","events":[{"introduced":"c1e5b7193c493ec3d8946fadeb89c05c912b10c5"},{"last_affected":"5874000d42c338ec95a7ff24cdc0c64e70f967b5"},{"fixed":"48fc8df51d99f9d8ba251219367b3d629cc848e3"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.5.0"},{"last_affected":"2.7.0"}]}}],"versions":["2.7.0","2.6.0","2.5.0"],"database_specific":{"vanir_signatures_modified":"2026-07-08T14:14:11Z","vanir_signatures":[{"digest":{"function_hash":"261985192864557951179366783624112967952","length":663},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"function":"ECDSA_PrivateKey::create_signature_op","file":"src/lib/pubkey/ecdsa/ecdsa.cpp"},"signature_type":"Function","id":"CVE-2018-12435-21464756"},{"digest":{"threshold":0.9,"line_hashes":["63828530500390897972952605470238977680","130954137610249659964909327655818924104","98899827306131857240629111382491570928","46555479556794535636512914427178128347"]},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"file":"src/lib/pubkey/ec_group/ec_group.h"},"signature_type":"Line","id":"CVE-2018-12435-32ec78bd"},{"digest":{"function_hash":"116489003691662140703510699805228708988","length":286},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"function":"DSA_Signature_Operation","file":"src/lib/pubkey/dsa/dsa.cpp"},"signature_type":"Function","id":"CVE-2018-12435-855ebd5c"},{"digest":{"function_hash":"3399799292250126605969172132655122568","length":273},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"function":"DSA_PrivateKey::create_signature_op","file":"src/lib/pubkey/dsa/dsa.cpp"},"signature_type":"Function","id":"CVE-2018-12435-8c9b5d7a"},{"digest":{"threshold":0.9,"line_hashes":["58116616507220994030954543283225305523","316877514269246862307555987479482658380","99706929009285918834624719812441087873","60889434164782433467640484127008347425","235795614162171330045041383267393358399","120768540065374326465360416490733587691","289415284268650549993377012184630595033","36736474228036832899700978010563621528","67579379841310141324077789200576498286","310327596523773454557726581052870464512","289425440031583088335974862716407744277","78662121448232185978659974044797138532","318497309749219608569273810930971471954","144871538586925749042004472031615538241","133519305278163883125221001094422901652","249200567800951566455368704228333308765","135495140789542942383235696952361142098","250615647035737521405670020263267688698","38257840139910356742885558135864034268","196810059693556686009377993678732151992","152874379878577221711871331541331475465","242235579273781885659532065790195317333","157314523651064575885921131364784557482","159876017856896778076160371390576590958","317390112773543421794634554602495061156","106274490495764670947784339046932691600","89273824603746185329131111119244197583","309323364834291745563480546572010306687","62005211866501164317533488031328590371","131604445823543842219833496908349025508","51092064454504563089266752684717672302","10768170693892644057806032779199193708","291051318504851075837738637200806493301","48389435320338499875022048596164639776","281659665703658907240689644757519716265","208753322893278073322597818654735007471","133164688011456378322426218431051941110","134715158528733863062561740893849043930","190768789872254698226971037046337598976","281549896157896210095350885623995704621"]},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"file":"src/lib/pubkey/dsa/dsa.cpp"},"signature_type":"Line","id":"CVE-2018-12435-90fcf6aa"},{"digest":{"function_hash":"127263449853484584773285695767151172675","length":829},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"function":"ECDSA_Verification_Operation::verify","file":"src/lib/pubkey/ecdsa/ecdsa.cpp"},"signature_type":"Function","id":"CVE-2018-12435-b8733411"},{"digest":{"function_hash":"84344271081638037005691481226978889150","length":884},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"function":"ECDSA_Signature_Operation::raw_sign","file":"src/lib/pubkey/ecdsa/ecdsa.cpp"},"signature_type":"Function","id":"CVE-2018-12435-bb8ce6e2"},{"digest":{"threshold":0.9,"line_hashes":["315743981437250505163503778592770908028","126783037389324835124105989919401738399","302740495076748089741141615876563730193","331236944455629937883219668108065210107","235795614162171330045041383267393358399","120768540065374326465360416490733587691","217359487354171375679935519542255576872","217501541830438322197270815759221877066","47124445256170967542374623412091330060","313846786735459695202203916984049590021","215399389004292900415495018983334641653","56350981011842313717264725443342177479","100232880738072132239168476714177976748","279992773369705345956024546072535893993","194509947045550171351705125801070130579","16709723243215243532809362461847522312","196682154889572264439482329554534506295","253528706781332042353274758319169375205","131012866440815110266832139684942383823","72018434113107124752234443329852601174","333056704355584279089617190996009005107","258844438711545744562016697188096791231","336987423074973974185727460440045761105","191688794765501186854126915137866673342","192793341455637854084812152843000897634","118196248245792535972252975730639787184","5109338441607321666265272489405208789","193595905628364954487391636736713915960","40120651780351108792909011466894279899","312492671156056458002197808127281191741","96087956618669926029239496875984570706","193769874352507449330633891940171551249"]},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"file":"src/lib/pubkey/ecdsa/ecdsa.cpp"},"signature_type":"Line","id":"CVE-2018-12435-dc16d8f7"},{"digest":{"function_hash":"117641418661810717215976480624615513227","length":791},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"function":"DSA_Signature_Operation::raw_sign","file":"src/lib/pubkey/dsa/dsa.cpp"},"signature_type":"Function","id":"CVE-2018-12435-e6f145b1"},{"digest":{"function_hash":"110059123667899556177216095087993916728","length":257},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"function":"ECDSA_Signature_Operation","file":"src/lib/pubkey/ecdsa/ecdsa.cpp"},"signature_type":"Function","id":"CVE-2018-12435-ea7ac544"},{"digest":{"threshold":0.9,"line_hashes":["161606265205828887214017329829783420311","61256020933457532316066260018496851745","160524405502228939962251308489367427530","47869368716945977278493640492660826945","189414984540345685411319306281866718206","40834027883358122647950287600361759580","335271360044963990587288444834337871359","103116656860098126554705193781848549358","267188199683816881833391010104932965087","91587662802532390434463329879870425105","58105442112537801033336253770812042294","188115449220580972186498864190045174804","69916288945087236037344626226909942009","62045678519699028950123175983298503349"]},"deprecated":false,"source":"https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3","signature_version":"v1","target":{"file":"src/lib/pubkey/ec_group/ec_group.cpp"},"signature_type":"Line","id":"CVE-2018-12435-f5a0d53f"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12435.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}]}