5.9
CVE-2018-0735
- EPSS 4.76%
- Veröffentlicht 29.10.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:50
- Quelle openssl-security@openssl.org
- CVE-Watchlists
- Unerledigt
Timing attack against ECDSA signature generation
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Netapp ≫ Cn1610 Firmware Version-
Netapp ≫ Cloud Backup Version-
Netapp ≫ Element Software Version-
Netapp ≫ Oncommand Unified Manager SwPlatformvsphere Version >= 9.4
Netapp ≫ Santricity Smi-s Provider Version-
Netapp ≫ Smi-s Provider Version-
Netapp ≫ Steelstore Version-
Oracle ≫ Api Gateway Version11.1.2.4.0
Oracle ≫ Application Server Version0.9.8
Oracle ≫ Application Server Version1.0.0
Oracle ≫ Application Server Version1.0.1
Oracle ≫ Enterprise Manager Base Platform Version12.1.0.5.0
Oracle ≫ Enterprise Manager Base Platform Version13.2.0.0.0
Oracle ≫ Enterprise Manager Base Platform Version13.3.0.0.0
Oracle ≫ Enterprise Manager Ops Center Version12.3.3
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.55
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 17.7 <= 17.12
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version15.1
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version15.2
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version16.1
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version16.2
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version18.8
Oracle ≫ Secure Global Desktop Version5.4
Oracle ≫ Vm Virtualbox Version < 6.0.0
Oracle ≫ Vm Virtualbox Version >= 5.0.0 < 5.2.24
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.76% | 0.908 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.debian.org/security/2018/dsa-4348
http://www.securityfocus.com/bid/105750
http://www.securitytracker.com/id/1041986
https://access.redhat.com/errata/RHSA-2019:3700
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181105-0002/
https://usn.ubuntu.com/3840-1/
https://www.openssl.org/news/secadv/20181029.txt