← Voltar para CVEs
CVE-2018-0734
MEDIUM5.9
Descricao
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Detalhes CVE
Pontuacao CVSS v3.15.9
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/30/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
canonical:ubuntu_linuxdebian:debian_linuxnetapp:cloud_backupnetapp:cn1610netapp:cn1610_firmwarenetapp:oncommand_unified_managernetapp:santricity_smi-s_providernetapp:snapcenternetapp:steelstorenetapp:storage_automation_storenodejs:node.jsopenssl:openssloracle:api_gatewayoracle:e-business_suite_technology_stackoracle:enterprise_manager_base_platformoracle:enterprise_manager_ops_centeroracle:mysql_enterprise_backuporacle:peoplesoft_enterprise_peopletoolsoracle:primavera_p6_professional_project_managementoracle:tuxedo
Fraquezas (CWE)
CWE-327
Referencias
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html(openssl-security@openssl.org)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html(openssl-security@openssl.org)
http://www.securityfocus.com/bid/105758(openssl-security@openssl.org)
https://access.redhat.com/errata/RHSA-2019:2304(openssl-security@openssl.org)
https://access.redhat.com/errata/RHSA-2019:3700(openssl-security@openssl.org)
https://access.redhat.com/errata/RHSA-2019:3932(openssl-security@openssl.org)
https://access.redhat.com/errata/RHSA-2019:3933(openssl-security@openssl.org)
https://access.redhat.com/errata/RHSA-2019:3935(openssl-security@openssl.org)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac(openssl-security@openssl.org)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f(openssl-security@openssl.org)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7(openssl-security@openssl.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/(openssl-security@openssl.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/(openssl-security@openssl.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/(openssl-security@openssl.org)
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/(openssl-security@openssl.org)
https://security.netapp.com/advisory/ntap-20181105-0002/(openssl-security@openssl.org)
https://security.netapp.com/advisory/ntap-20190118-0002/(openssl-security@openssl.org)
https://security.netapp.com/advisory/ntap-20190423-0002/(openssl-security@openssl.org)
https://usn.ubuntu.com/3840-1/(openssl-security@openssl.org)
https://www.debian.org/security/2018/dsa-4348(openssl-security@openssl.org)
https://www.debian.org/security/2018/dsa-4355(openssl-security@openssl.org)
https://www.openssl.org/news/secadv/20181030.txt(openssl-security@openssl.org)
https://www.oracle.com/security-alerts/cpuapr2020.html(openssl-security@openssl.org)
https://www.oracle.com/security-alerts/cpujan2020.html(openssl-security@openssl.org)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html(openssl-security@openssl.org)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(openssl-security@openssl.org)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(openssl-security@openssl.org)
https://www.tenable.com/security/tns-2018-16(openssl-security@openssl.org)
https://www.tenable.com/security/tns-2018-17(openssl-security@openssl.org)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105758(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2304(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3700(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3932(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3933(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3935(af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac(af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f(af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/(af854a3a-2127-422b-91ae-364da2661108)
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20181105-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190118-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190423-0002/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3840-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4348(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4355(af854a3a-2127-422b-91ae-364da2661108)
https://www.openssl.org/news/secadv/20181030.txt(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2018-16(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2018-17(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.