Lucene search

K
nvd[email protected]NVD:CVE-2018-0734
HistoryOct 30, 2018 - 12:29 p.m.

CVE-2018-0734

2018-10-3012:29:00
CWE-327
web.nvd.nist.gov
1

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

71.6%

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Affected configurations

NVD
Node
opensslopensslRange1.0.21.0.2p
OR
opensslopensslRange1.1.01.1.0i
OR
opensslopensslMatch1.1.1
Node
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch18.10
Node
debiandebian_linuxMatch9.0
Node
nodejsnode.jsRange6.0.06.8.1-
OR
nodejsnode.jsRange6.9.06.15.0lts
OR
nodejsnode.jsRange8.0.08.8.1-
OR
nodejsnode.jsRange8.9.08.14.0lts
OR
nodejsnode.jsRange10.0.010.12.0-
OR
nodejsnode.jsRange11.0.011.3.0-
OR
nodejsnode.jsMatch10.13.0lts
Node
netappcn1610_firmwareMatch-
AND
netappcn1610Match-
Node
netappcloud_backupMatch-
OR
netapponcommand_unified_manager
OR
netappsantricity_smi-s_providerMatch-
OR
netappsnapcenterMatch-
OR
netappsteelstoreMatch-
OR
netappstorage_automation_storeMatch-
Node
oracleapi_gatewayMatch11.1.2.4.0
OR
oraclee-business_suite_technology_stackMatch0.9.8
OR
oraclee-business_suite_technology_stackMatch1.0.0
OR
oraclee-business_suite_technology_stackMatch1.0.1
OR
oracleenterprise_manager_base_platformMatch12.1.0.5.0
OR
oracleenterprise_manager_base_platformMatch13.2.0.0.0
OR
oracleenterprise_manager_base_platformMatch13.3.0.0.0
OR
oracleenterprise_manager_ops_centerMatch12.3.3
OR
oraclemysql_enterprise_backupRange3.03.12.3
OR
oraclemysql_enterprise_backupRange4.04.1.2
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.55
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.56
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.57
OR
oracleprimavera_p6_professional_project_managementRange17.717.12
OR
oracleprimavera_p6_professional_project_managementMatch8.4
OR
oracleprimavera_p6_professional_project_managementMatch15.1
OR
oracleprimavera_p6_professional_project_managementMatch15.2
OR
oracleprimavera_p6_professional_project_managementMatch16.1
OR
oracleprimavera_p6_professional_project_managementMatch16.2
OR
oracleprimavera_p6_professional_project_managementMatch18.8
OR
oracletuxedoMatch12.1.1.0.0

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.003

Percentile

71.6%