5.9

CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Data is provided by the National Vulnerability Database (NVD)
OpenSSLOpenSSL Version >= 1.0.2 <= 1.0.2p
OpenSSLOpenSSL Version >= 1.1.0 <= 1.1.0i
OpenSSLOpenSSL Version1.1.1
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version9.0
NodejsNode.Js SwEdition- Version >= 6.0.0 <= 6.8.1
NodejsNode.Js SwEditionlts Version >= 6.9.0 < 6.15.0
NodejsNode.Js SwEdition- Version >= 8.0.0 <= 8.8.1
NodejsNode.Js SwEditionlts Version >= 8.9.0 < 8.14.0
NodejsNode.Js SwEdition- Version >= 10.0.0 <= 10.12.0
NodejsNode.Js SwEdition- Version >= 11.0.0 < 11.3.0
NodejsNode.Js Version10.13.0 SwEditionlts
NetappCn1610 Firmware Version-
   NetappCn1610 Version-
NetappCloud Backup Version-
NetappSnapcenter Version-
NetappSteelstore Version-
OracleApi Gateway Version11.1.2.4.0
OracleMysql Enterprise Backup Version >= 3.0 <= 3.12.3
OracleMysql Enterprise Backup Version >= 4.0 <= 4.1.2
OracleTuxedo Version12.1.1.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 6.05% 0.903
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://usn.ubuntu.com/3840-1/
Third Party Advisory
http://www.securityfocus.com/bid/105758
Third Party Advisory
VDB Entry