CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Published : 2018-04-16 18:29 Updated : 2019-10-03 00:03

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Openssl Openssl 1.0.2b cpe:/a:openssl:openssl:1.0.2b
Openssl Openssl 1.0.2c cpe:/a:openssl:openssl:1.0.2c
Openssl Openssl 1.0.2d cpe:/a:openssl:openssl:1.0.2d
Openssl Openssl 1.0.2e cpe:/a:openssl:openssl:1.0.2e
Openssl Openssl 1.0.2f cpe:/a:openssl:openssl:1.0.2f
Openssl Openssl 1.0.2g cpe:/a:openssl:openssl:1.0.2g
Openssl Openssl 1.0.2h cpe:/a:openssl:openssl:1.0.2h
Openssl Openssl 1.0.2i cpe:/a:openssl:openssl:1.0.2i
Openssl Openssl 1.0.2j cpe:/a:openssl:openssl:1.0.2j
Openssl Openssl 1.0.2k cpe:/a:openssl:openssl:1.0.2k
Openssl Openssl 1.0.2l cpe:/a:openssl:openssl:1.0.2l
Openssl Openssl 1.0.2m cpe:/a:openssl:openssl:1.0.2m
Openssl Openssl 1.0.2n cpe:/a:openssl:openssl:1.0.2n
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0
Openssl Openssl 1.1.0a cpe:/a:openssl:openssl:1.1.0a
Openssl Openssl 1.1.0b cpe:/a:openssl:openssl:1.1.0b
Openssl Openssl 1.1.0c cpe:/a:openssl:openssl:1.1.0c
Openssl Openssl 1.1.0d cpe:/a:openssl:openssl:1.1.0d
Openssl Openssl 1.1.0e cpe:/a:openssl:openssl:1.1.0e
Openssl Openssl 1.1.0f cpe:/a:openssl:openssl:1.1.0f
Openssl Openssl 1.1.0g cpe:/a:openssl:openssl:1.1.0g
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 17.10 cpe:/o:canonical:ubuntu_linux:17.10
Openssl Openssl 1.0.2o cpe:/a:openssl:openssl:1.0.2o
Openssl Openssl 1.1.0h cpe:/a:openssl:openssl:1.1.0h
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0:-
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0:pre1
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0:pre2
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0:pre3
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0:pre4
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0:pre5
Openssl Openssl 1.1.0 cpe:/a:openssl:openssl:1.1.0:pre6
  1. Canonical (1) Search CVE
    1. Ubuntu Linux (3) Search CVE
      1. 14.04
      2. 16.04
      3. 17.10
  2. Openssl (1) Search CVE
    1. Openssl (23) Search CVE
      1. 1.0.2b
      2. 1.0.2c
      3. 1.0.2d
      4. 1.0.2e
      5. 1.0.2f
      6. 1.0.2g
      7. 1.0.2h
      8. 1.0.2i
      9. 1.0.2j
      10. 1.0.2k
      11. 1.0.2l
      12. 1.0.2m
      13. 1.0.2n
      14. 1.1.0
      15. 1.1.0a
      16. 1.1.0b
      17. 1.1.0c
      18. 1.1.0d
      19. 1.1.0e
      20. 1.1.0f
      21. 1.1.0g
      22. 1.0.2o
      23. 1.1.0h

CWE

ID Name Description Links
CWE-327 Use of a Broken or Risky Cryptographic Algorithm The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. CVE

References

Source Link
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
CONFIRM https://www.openssl.org/news/secadv/20180416.txt
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
BID http://www.securityfocus.com/bid/103766
SECTRACK http://www.securitytracker.com/id/1040685
UBUNTU https://usn.ubuntu.com/3628-1/
UBUNTU https://usn.ubuntu.com/3628-2/
UBUNTU https://usn.ubuntu.com/3692-2/
UBUNTU https://usn.ubuntu.com/3692-1/
CONFIRM https://security.netapp.com/advisory/ntap-20180726-0003/
MLIST https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
CONFIRM https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
CONFIRM https://www.tenable.com/security/tns-2018-12
CONFIRM https://securityadvisories.paloaltonetworks.com/Home/Detail/133
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CONFIRM https://www.tenable.com/security/tns-2018-13
CONFIRM https://www.tenable.com/security/tns-2018-14
REDHAT https://access.redhat.com/errata/RHSA-2018:3221
REDHAT https://access.redhat.com/errata/RHSA-2018:3505
GENTOO https://security.gentoo.org/glsa/201811-21
DEBIAN https://www.debian.org/security/2018/dsa-4348
DEBIAN https://www.debian.org/security/2018/dsa-4355
CONFIRM https://www.tenable.com/security/tns-2018-17
CONFIRM https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
MISC https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/

History of changes

Date Event
2019-10-03 00:03
2019-04-23 19:31
2019-01-16 19:29
2018-12-21 11:29
2018-12-20 11:29
2018-12-01 11:29
2018-11-29 11:29
2018-11-07 11:29
2018-10-31 10:30
2018-10-24 10:29
2018-10-17 01:31
2018-10-12 10:29
2018-09-19 10:29
2018-08-24 19:29
2018-07-29 01:29
2018-07-28 01:29
2018-06-28 01:29
2018-05-23 14:28
2018-04-21 01:29
2018-04-18 01:29
2018-04-16 18:29

New CVE