Information Exposure The advisory has been revoked - it doesn't affect any version of package openjdk-11 Open this link in a new tab
Threat Intelligence
EPSS
0.07% (30th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-OPENJDK11-263258
- published 15 Jun 2018
- disclosed 15 Jun 2018
Amendment
The Debian
security team deemed this advisory irrelevant for Debian:10
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream openjdk-11
package and not the openjdk-11
package as distributed by Debian
.
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.