{"id":"CVE-2018-12436","details":"wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.","modified":"2026-04-11T06:58:44.126688Z","published":"2018-06-15T02:29:00.423Z","references":[{"type":"ADVISORY","url":"https://www.wolfssl.com/wolfssh-and-rohnp/"},{"type":"ADVISORY","url":"https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"},{"type":"FIX","url":"https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfssl","events":[{"introduced":"0"},{"fixed":"1179969dcf81e1e44fd35e387febd4f8ca38d85d"},{"fixed":"9b9568d500f31f964af26ba8d01e542e1f27e5ca"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.15.3"}]}}],"versions":["v0.5","v1.8.8.0","v1.9.0","v2.0.2","v2.0.3","v2.0.6","v2.0.8","v2.0rc1","v2.0rc2","v2.0rc2b","v2.0rc3","v2.4.2","v2.4.6","v2.4.7","v2.6.0","v2.6.2","v2.7.0","v2.7.2","v2.8.0","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v2.8.5a","v2.8.6","v2.9.0","v2.9.1","v2.9.2","v2.9.4","v3.10.0-stable","v3.10.0a","v3.10.2-stable","v3.10.3","v3.11.0-stable","v3.11.1-tls13-beta","v3.12.0-stable","v3.12.2-stable","v3.13.0-stable","v3.13.2","v3.13.3","v3.14.0-stable","v3.14.0a","v3.14.0b","v3.14.2","v3.14.4","v3.15.0-stable","v3.2.0","v3.2.4","v3.2.6","v3.3.0","v3.3.3","v3.4.0","v3.4.2","v3.4.6","v3.6.8","v3.6.9","v3.7.0","v3.7.1","v3.7.3","v3.8.0","v3.9.0","v3.9.1","v3.9.10-stable","v3.9.10b","v3.9.6","v3.9.6w","v3.9.8"],"database_specific":{"vanir_signatures_modified":"2026-04-11T06:58:44Z","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"CVE-2018-12436-03e5e19c","target":{"file":"wolfcrypt/src/ecc.c","function":"wc_ecc_gen_k"},"signature_type":"Function","digest":{"function_hash":"97098694070618479796839824861712676912","length":798},"source":"https://github.com/wolfssl/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca"},{"deprecated":false,"signature_version":"v1","id":"CVE-2018-12436-7d2e4743","target":{"file":"wolfcrypt/src/ecc.c","function":"wc_ecc_sign_hash_ex"},"signature_type":"Function","digest":{"function_hash":"329601971156733586894920632165393768916","length":6073},"source":"https://github.com/wolfssl/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca"},{"deprecated":false,"signature_version":"v1","id":"CVE-2018-12436-9be8702e","target":{"file":"wolfcrypt/src/ecc.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["180105540832317960135869179642485368458","219670112345521747196662040631326145700","16111731207495186350516201396152731575","84580058371629366077470150564612674802","338280410321397857655128996363835051309","275739291280294658398206417064560146914","43222418277609380264329009969200061082","281911540114982861058971188872665423747","120207583837105358401042174516439733029","35144380420131484861593369048590002852","287111173886096549423603016843712953966","224969320601590970213067024922785565873","116541833046167184336218681229605942449","297537371672909726796839019846523928632","30414633575863347317212229842143138176","139116827036489476815642640892002953346","141218504163137182235295909753019846141","18542260038182372672688065707602259741","164561830877312627579682711805580772728","75202648303631630100611227098050061419","227368077280084628061074102065322406230","319585949210892297687748878719963247398","101638936496678138146601086666856366866","210294045997350206660528821359663780294","169857514239109531428198600871698928543","194089326328324240590752388381939524044","216345207333688073353394951787849222414","157954063479739293112728240484396121451","6030899692141079888304492776418959104","238170310874901192081407911422618976324","11404882872460344036499629001227805627","303394133142596662493052787285145781651","170803551361033665570430574072960793399","293702046138194098313276599765382829765","161964254929860119880494294595042289820","113536867443714089690266207735977194456","331957245513875143663211821403297561902","1047273769436126680075077787862867170","99632092121648833459388601988131629043","237104132855061567602291230687355861176","229257314256408985491156933656895597416","280275082197584052408944518295226672803","275684663132770170878378752916701360836"]},"source":"https://github.com/wolfssl/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12436.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}