Lucene search

[email protected]NVD:CVE-2018-0734

HistoryOct 30, 2018 - 12:29 p.m.

CVE-2018-0734

2018-10-3012:29:00

CWE-327

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Affected configurations

NVD

Node

opensslopensslRange1.0.2–1.0.2p

opensslopensslRange1.1.0–1.1.0i

opensslopensslMatch1.1.1

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

Node

debiandebian_linuxMatch9.0

Node

nodejsnode.jsRange6.0.0–6.8.1-

nodejsnode.jsRange6.9.0–6.15.0lts

nodejsnode.jsRange8.0.0–8.8.1-

nodejsnode.jsRange8.9.0–8.14.0lts

nodejsnode.jsRange10.0.0–10.12.0-

nodejsnode.jsRange11.0.0–11.3.0-

nodejsnode.jsMatch10.13.0lts

Node

netappcn1610_firmwareMatch-

AND

netappcn1610Match-

Node

netappcloud_backupMatch-

netapponcommand_unified_manager

netappsantricity_smi-s_providerMatch-

netappsnapcenterMatch-

netappsteelstoreMatch-

netappstorage_automation_storeMatch-

Node

oracleapi_gatewayMatch11.1.2.4.0

oraclee-business_suite_technology_stackMatch0.9.8

oraclee-business_suite_technology_stackMatch1.0.0

oraclee-business_suite_technology_stackMatch1.0.1

oracleenterprise_manager_base_platformMatch12.1.0.5.0

oracleenterprise_manager_base_platformMatch13.2.0.0.0

oracleenterprise_manager_base_platformMatch13.3.0.0.0

oracleenterprise_manager_ops_centerMatch12.3.3

oraclemysql_enterprise_backupRange3.0–3.12.3

oraclemysql_enterprise_backupRange4.0–4.1.2

oraclepeoplesoft_enterprise_peopletoolsMatch8.55

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oracleprimavera_p6_professional_project_managementRange17.7–17.12

oracleprimavera_p6_professional_project_managementMatch8.4

oracleprimavera_p6_professional_project_managementMatch15.1

oracleprimavera_p6_professional_project_managementMatch15.2

oracleprimavera_p6_professional_project_managementMatch16.1

oracleprimavera_p6_professional_project_managementMatch16.2

oracleprimavera_p6_professional_project_managementMatch18.8

oracletuxedoMatch12.1.1.0.0

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html

lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html

www.securityfocus.com/bid/105758

access.redhat.com/errata/RHSA-2019:2304

access.redhat.com/errata/RHSA-2019:3700

access.redhat.com/errata/RHSA-2019:3932

access.redhat.com/errata/RHSA-2019:3933

access.redhat.com/errata/RHSA-2019:3935

git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac

git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f

git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/

nodejs.org/en/blog/vulnerability/november-2018-security-releases/

security.netapp.com/advisory/ntap-20181105-0002/

security.netapp.com/advisory/ntap-20190118-0002/

security.netapp.com/advisory/ntap-20190423-0002/

usn.ubuntu.com/3840-1/

www.debian.org/security/2018/dsa-4348

www.debian.org/security/2018/dsa-4355

www.openssl.org/news/secadv/20181030.txt

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.tenable.com/security/tns-2018-16

www.tenable.com/security/tns-2018-17

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

JSON

CVE-2018-0734

Affected configurations

References

Related