5.9

CVE-2018-0735

Timing attack against ECDSA signature generation

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version >= 1.1.0 <= 1.1.0i
OpenSSLOpenSSL Version1.1.1
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
NodejsNode.Js SwEdition- Version >= 10.0.0 < 10.12.0
NodejsNode.Js SwEdition- Version >= 11.0.0 < 11.3.0
NodejsNode.Js Version10.13.0 SwEditionlts
NetappCn1610 Firmware Version-
   NetappCn1610 Version-
NetappCloud Backup Version-
NetappElement Software Version-
NetappOncommand Unified Manager SwPlatformvsphere Version >= 9.4
NetappSmi-s Provider Version-
NetappSnapdrive Version- SwPlatformunix
NetappSnapdrive Version- SwPlatformwindows
NetappSteelstore Version-
OracleApi Gateway Version11.1.2.4.0
OracleApplication Server Version0.9.8
OracleApplication Server Version1.0.0
OracleApplication Server Version1.0.1
OracleMysql Version <= 5.6.42
OracleMysql Version >= 5.7.0 <= 5.7.24
OracleMysql Version >= 8.0.0 <= 8.0.13
OracleSecure Global Desktop Version5.4
OracleTuxedo Version12.1.1.0.0
OracleVm Virtualbox Version < 6.0.0
OracleVm Virtualbox Version >= 5.0.0 < 5.2.24
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.76% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.debian.org/security/2018/dsa-4348
Third Party Advisory
http://www.securityfocus.com/bid/105750
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041986
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:3700
Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
Third Party Advisory
Mailing List
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181105-0002/
Third Party Advisory
https://usn.ubuntu.com/3840-1/
Third Party Advisory
https://www.openssl.org/news/secadv/20181029.txt
Vendor Advisory