CVE-2018-0734

Published: Oct 30, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Affected (43)

Products: Openssl: Openssl · Canonical: Ubuntu Linux · Debian: Debian Linux · +3 more

Show all products

1 product

1 product

1 product

1 product

7 products

Oncommand Unified Manager

Santricity Smi S Provider

Snapcenter

Steelstore

Storage Automation Store

Oracle

8 products

Api Gateway

E Business Suite Technology Stack

Enterprise Manager Base Platform

Enterprise Manager Ops Center

Mysql Enterprise Backup

Peoplesoft Enterprise Peopletools

Primavera P6 Professional Project Management

Tuxedo

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openssl Openssl	From 1.0.2 to 1.0.2p
Openssl Openssl	From 1.1.0 to 1.1.0i
Openssl Openssl	Version 1.1.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration D

7 vulnerable

Vulnerable Software	Affected Versions
Nodejs Node.js	From 10.0.0 to 10.12.0
Nodejs Node.js	From 11.0.0 to 11.3.0
Nodejs Node.js	From 6.0.0 to 6.8.1
Nodejs Node.js	From 8.0.0 to 8.8.1
Nodejs Node.js	From 6.9.0 to 6.15.0
Nodejs Node.js	From 8.9.0 to 8.14.0
Nodejs Node.js	Version 10.13.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Cn1610 Firmware	All versions

Running on/with	Platform Versions
Netapp Cn1610	All versions

Configuration F

6 vulnerable

Vulnerable Software	Affected Versions
Netapp Cloud Backup	All versions
Netapp Oncommand Unified Manager	All versions
Netapp Santricity Smi S Provider	All versions
Netapp Snapcenter	All versions
Netapp Steelstore	All versions
Netapp Storage Automation Store	All versions

Configuration G

21 vulnerable

Vulnerable Software	Affected Versions
Oracle Api Gateway	Version 11.1.2.4.0
Oracle E Business Suite Technology Stack	Version 0.9.8
Oracle E Business Suite Technology Stack	Version 1.0.0
Oracle E Business Suite Technology Stack	Version 1.0.1
Oracle Enterprise Manager Base Platform	Version 12.1.0.5.0
Oracle Enterprise Manager Base Platform	Version 13.2.0.0.0
Oracle Enterprise Manager Base Platform	Version 13.3.0.0.0
Oracle Enterprise Manager Ops Center	Version 12.3.3
Oracle Mysql Enterprise Backup	From 3.0 to 3.12.3
Oracle Mysql Enterprise Backup	From 4.0 to 4.1.2
Oracle Peoplesoft Enterprise Peopletools	Version 8.55
Oracle Peoplesoft Enterprise Peopletools	Version 8.56
Oracle Peoplesoft Enterprise Peopletools	Version 8.57
Oracle Primavera P6 Professional Project Management	From 17.7 to 17.12
Oracle Primavera P6 Professional Project Management	Version 15.1
Oracle Primavera P6 Professional Project Management	Version 15.2
Oracle Primavera P6 Professional Project Management	Version 16.1
Oracle Primavera P6 Professional Project Management	Version 16.2
Oracle Primavera P6 Professional Project Management	Version 18.8
Oracle Primavera P6 Professional Project Management	Version 8.4
Oracle Tuxedo	Version 12.1.1.0.0

Related CWEs

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.