CVE-2018-0734

Published Oct 30, 2018
Last updated 4 days ago
CVSS medium 5.9
Overview

Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Source: openssl-security@openssl.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-327
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D942BAB1-862E-455A-AAB5-6E87FA891B92",
            "versionEndIncluding": "1.0.2p",
            "versionStartIncluding": "1.0.2"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5953EAB1-D0E8-48EA-B07D-3B828E6BB326",
            "versionEndIncluding": "1.1.0i",
            "versionStartIncluding": "1.1.0"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69F3542-173D-4E0D-99BB-42FDD206D996"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
            "versionEndIncluding": "6.8.1",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DEF4845-F577-4B12-AA48-39F0830B128E",
            "versionEndExcluding": "6.15.0",
            "versionStartIncluding": "6.9.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
            "versionEndIncluding": "8.8.1",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E79DFA7-55F8-453A-83E9-1C790902FCB8",
            "versionEndExcluding": "8.14.0",
            "versionStartIncluding": "8.9.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
            "versionEndIncluding": "10.12.0",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37",
            "versionEndExcluding": "11.3.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "541EAE2B-5446-46CE-BC91-13188EAD6092"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBF1DFDA-FB66-4CEA-A658-B167326D1D96"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9"
          },
          {
            "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22"
          },
          {
            "criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "913DA418-A144-48CF-85AB-75B64BFD16DD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBE38DB6-795A-479B-84A5-3DBA4A101F06"
          },
          {
            "criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E18AA832-DAC1-41D2-8A7C-2C41F06A2281"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62B31BEE-88C3-431D-8356-AC28F325E76E",
            "versionEndIncluding": "3.12.3",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4340D49A-E1F8-48B7-BA05-0338293B1A14",
            "versionEndIncluding": "4.1.2",
            "versionStartIncluding": "4.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08720A23-3B40-4394-8785-845EFEEFAA87",
            "versionEndIncluding": "17.12",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CFFE5D2-FB9A-45F9-9FBC-25A6DA9E189A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "092AD60D-99F2-4203-966A-3002E6D9C55B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "273EAFA7-81C4-41A6-B44A-95BA18D9DCB7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA25D523-25C4-4EFD-A1BC-0BEEB0EEF8AE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2DEE1C6-215C-47B5-A92D-E4627AD9D503"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBE3E82F-DCB6-4E1E-BA08-67C85384BBB5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
