[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-0737Date: (C)2018-04-24   (M)2024-02-22


The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.9CVSS Score : 4.3
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
BID-103766
SECTRACK-1040685
DSA-4348
DSA-4355
FEDORA-2019-00c25b9379
FEDORA-2019-9a0a7c0986
FEDORA-2019-db06efdea1
GLSA-201811-21
N/A
RHSA-2018:3221
RHSA-2018:3505
RHSA-2019:3932
RHSA-2019:3933
RHSA-2019:3935
USN-3628-1
USN-3628-2
USN-3692-1
USN-3692-2
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://security.netapp.com/advisory/ntap-20180726-0003/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://www.openssl.org/news/secadv/20180416.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2018-12
https://www.tenable.com/security/tns-2018-13
https://www.tenable.com/security/tns-2018-14
https://www.tenable.com/security/tns-2018-17

CPE    7
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/a:openssl:openssl:1.0.2b
cpe:/a:openssl:openssl:1.0.2d
...
CWE    1
CWE-327
OVAL    29
oval:org.secpod.oval:def:704201
oval:org.secpod.oval:def:51064
oval:org.secpod.oval:def:1502342
oval:org.secpod.oval:def:1502341
...

© SecPod Technologies