Vulnerability Details CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 86.9%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
- http://www.securityfocus.com/bid/105758
- https://access.redhat.com/errata/RHSA-2019:2304
- https://access.redhat.com/errata/RHSA-2019:3700
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3935
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://security.netapp.com/advisory/ntap-20181105-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- https://usn.ubuntu.com/3840-1/
- https://www.debian.org/security/2018/dsa-4348
- https://www.debian.org/security/2018/dsa-4355
- https://www.openssl.org/news/secadv/20181030.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-17
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
- http://www.securityfocus.com/bid/105758
- https://access.redhat.com/errata/RHSA-2019:2304
- https://access.redhat.com/errata/RHSA-2019:3700
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3935
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://security.netapp.com/advisory/ntap-20181105-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- https://usn.ubuntu.com/3840-1/
- https://www.debian.org/security/2018/dsa-4348
- https://www.debian.org/security/2018/dsa-4355
- https://www.openssl.org/news/secadv/20181030.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-17
Products affected by CVE-2018-0734
-
cpe:2.3:a:netapp:cloud_backup:-
-
cpe:2.3:a:netapp:oncommand_unified_manager:-
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.1
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.1
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.2
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.3
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.4
-
cpe:2.3:a:netapp:oncommand_unified_manager:5.2.5
-
cpe:2.3:a:netapp:oncommand_unified_manager:6.3
-
cpe:2.3:a:netapp:oncommand_unified_manager:6.4
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.0
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.1
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.2
-
cpe:2.3:a:netapp:oncommand_unified_manager:7.3
-
cpe:2.3:a:netapp:oncommand_unified_manager:9.4
-
cpe:2.3:a:netapp:oncommand_unified_manager:9.5
-
cpe:2.3:a:netapp:santricity_smi-s_provider:-
-
cpe:2.3:a:netapp:snapcenter:-
-
cpe:2.3:a:netapp:steelstore:-
-
cpe:2.3:a:netapp:storage_automation_store:-
-
cpe:2.3:a:nodejs:node.js:10.0.0
-
cpe:2.3:a:nodejs:node.js:10.1.0
-
cpe:2.3:a:nodejs:node.js:10.10.0
-
cpe:2.3:a:nodejs:node.js:10.11.0
-
cpe:2.3:a:nodejs:node.js:10.12.0
-
cpe:2.3:a:nodejs:node.js:10.13.0
-
cpe:2.3:a:nodejs:node.js:10.2.0
-
cpe:2.3:a:nodejs:node.js:10.2.1
-
cpe:2.3:a:nodejs:node.js:10.3.0
-
cpe:2.3:a:nodejs:node.js:10.4.0
-
cpe:2.3:a:nodejs:node.js:10.4.1
-
cpe:2.3:a:nodejs:node.js:10.5.0
-
cpe:2.3:a:nodejs:node.js:10.6.0
-
cpe:2.3:a:nodejs:node.js:10.7.0
-
cpe:2.3:a:nodejs:node.js:10.8.0
-
cpe:2.3:a:nodejs:node.js:10.9.0
-
cpe:2.3:a:nodejs:node.js:11.0.0
-
cpe:2.3:a:nodejs:node.js:11.1.0
-
cpe:2.3:a:nodejs:node.js:11.2.0
-
cpe:2.3:a:nodejs:node.js:6.0.0
-
cpe:2.3:a:nodejs:node.js:6.1.0
-
cpe:2.3:a:nodejs:node.js:6.10.0
-
cpe:2.3:a:nodejs:node.js:6.10.1
-
cpe:2.3:a:nodejs:node.js:6.10.2
-
cpe:2.3:a:nodejs:node.js:6.10.3
-
cpe:2.3:a:nodejs:node.js:6.11.0
-
cpe:2.3:a:nodejs:node.js:6.11.1
-
cpe:2.3:a:nodejs:node.js:6.11.2
-
cpe:2.3:a:nodejs:node.js:6.11.3
-
cpe:2.3:a:nodejs:node.js:6.11.4
-
cpe:2.3:a:nodejs:node.js:6.11.5
-
cpe:2.3:a:nodejs:node.js:6.12.0
-
cpe:2.3:a:nodejs:node.js:6.12.1
-
cpe:2.3:a:nodejs:node.js:6.12.2
-
cpe:2.3:a:nodejs:node.js:6.12.3
-
cpe:2.3:a:nodejs:node.js:6.13.0
-
cpe:2.3:a:nodejs:node.js:6.13.1
-
cpe:2.3:a:nodejs:node.js:6.14.0
-
cpe:2.3:a:nodejs:node.js:6.14.1
-
cpe:2.3:a:nodejs:node.js:6.14.2
-
cpe:2.3:a:nodejs:node.js:6.14.3
-
cpe:2.3:a:nodejs:node.js:6.14.4
-
cpe:2.3:a:nodejs:node.js:6.2.0
-
cpe:2.3:a:nodejs:node.js:6.2.1
-
cpe:2.3:a:nodejs:node.js:6.2.2
-
cpe:2.3:a:nodejs:node.js:6.3.0
-
cpe:2.3:a:nodejs:node.js:6.3.1
-
cpe:2.3:a:nodejs:node.js:6.4.0
-
cpe:2.3:a:nodejs:node.js:6.5.0
-
cpe:2.3:a:nodejs:node.js:6.6.0
-
cpe:2.3:a:nodejs:node.js:6.7.0
-
cpe:2.3:a:nodejs:node.js:6.8.0
-
cpe:2.3:a:nodejs:node.js:6.8.1
-
cpe:2.3:a:nodejs:node.js:6.9.0
-
cpe:2.3:a:nodejs:node.js:6.9.1
-
cpe:2.3:a:nodejs:node.js:6.9.2
-
cpe:2.3:a:nodejs:node.js:6.9.3
-
cpe:2.3:a:nodejs:node.js:6.9.4
-
cpe:2.3:a:nodejs:node.js:6.9.5
-
cpe:2.3:a:nodejs:node.js:8.0.0
-
cpe:2.3:a:nodejs:node.js:8.1.0
-
cpe:2.3:a:nodejs:node.js:8.1.1
-
cpe:2.3:a:nodejs:node.js:8.1.2
-
cpe:2.3:a:nodejs:node.js:8.1.3
-
cpe:2.3:a:nodejs:node.js:8.1.4
-
cpe:2.3:a:nodejs:node.js:8.10.0
-
cpe:2.3:a:nodejs:node.js:8.11.0
-
cpe:2.3:a:nodejs:node.js:8.11.1
-
cpe:2.3:a:nodejs:node.js:8.11.2
-
cpe:2.3:a:nodejs:node.js:8.11.3
-
cpe:2.3:a:nodejs:node.js:8.11.4
-
cpe:2.3:a:nodejs:node.js:8.12.0
-
cpe:2.3:a:nodejs:node.js:8.13.0
-
cpe:2.3:a:nodejs:node.js:8.2.0
-
cpe:2.3:a:nodejs:node.js:8.2.1
-
cpe:2.3:a:nodejs:node.js:8.3.0
-
cpe:2.3:a:nodejs:node.js:8.4.0
-
cpe:2.3:a:nodejs:node.js:8.5.0
-
cpe:2.3:a:nodejs:node.js:8.6.0
-
cpe:2.3:a:nodejs:node.js:8.7.0
-
cpe:2.3:a:nodejs:node.js:8.8.0
-
cpe:2.3:a:nodejs:node.js:8.8.1
-
cpe:2.3:a:nodejs:node.js:8.9.0
-
cpe:2.3:a:nodejs:node.js:8.9.1
-
cpe:2.3:a:nodejs:node.js:8.9.2
-
cpe:2.3:a:nodejs:node.js:8.9.3
-
cpe:2.3:a:nodejs:node.js:8.9.4
-
cpe:2.3:a:openssl:openssl:1.0.2
-
cpe:2.3:a:openssl:openssl:1.0.2a
-
cpe:2.3:a:openssl:openssl:1.0.2b
-
cpe:2.3:a:openssl:openssl:1.0.2c
-
cpe:2.3:a:openssl:openssl:1.0.2d
-
cpe:2.3:a:openssl:openssl:1.0.2e
-
cpe:2.3:a:openssl:openssl:1.0.2f
-
cpe:2.3:a:openssl:openssl:1.0.2g
-
cpe:2.3:a:openssl:openssl:1.0.2h
-
cpe:2.3:a:openssl:openssl:1.0.2i
-
cpe:2.3:a:openssl:openssl:1.0.2j
-
cpe:2.3:a:openssl:openssl:1.0.2k
-
cpe:2.3:a:openssl:openssl:1.0.2l
-
cpe:2.3:a:openssl:openssl:1.0.2m
-
cpe:2.3:a:openssl:openssl:1.0.2n
-
cpe:2.3:a:openssl:openssl:1.0.2o
-
cpe:2.3:a:openssl:openssl:1.0.2p
-
cpe:2.3:a:openssl:openssl:1.1.0
-
cpe:2.3:a:openssl:openssl:1.1.0a
-
cpe:2.3:a:openssl:openssl:1.1.0b
-
cpe:2.3:a:openssl:openssl:1.1.0c
-
cpe:2.3:a:openssl:openssl:1.1.0d
-
cpe:2.3:a:openssl:openssl:1.1.0e
-
cpe:2.3:a:openssl:openssl:1.1.0f
-
cpe:2.3:a:openssl:openssl:1.1.0g
-
cpe:2.3:a:openssl:openssl:1.1.0h
-
cpe:2.3:a:openssl:openssl:1.1.0i
-
cpe:2.3:a:openssl:openssl:1.1.1
-
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0
-
cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8
-
cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0
-
cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1
-
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0
-
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0
-
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0
-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3
-
cpe:2.3:a:oracle:mysql_enterprise_backup:3.11.0
-
cpe:2.3:a:oracle:mysql_enterprise_backup:3.11.1
-
cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.0
-
cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.1
-
cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.2
-
cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.3
-
cpe:2.3:a:oracle:mysql_enterprise_backup:4.0.0
-
cpe:2.3:a:oracle:mysql_enterprise_backup:4.0.1
-
cpe:2.3:a:oracle:mysql_enterprise_backup:4.0.2
-
cpe:2.3:a:oracle:mysql_enterprise_backup:4.0.3
-
cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.0
-
cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.1
-
cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.2
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.10
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.11
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.12
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.7
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.8
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8
-
cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4
-
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0
-
cpe:2.3:h:netapp:cn1610:-
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:netapp:cn1610_firmware:-