CVE-2018-0737

CVE Database · CVE-2018-0737

CVE-2018-0737

· N/AModified

CVSS v3.1

N/A

EPSS

12.20%

Published

Apr 16, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Weaknesses (CWE)

CWE-327

Affected Products (5)

openssl · opensslvulnerable

canonical · ubuntu_linuxvulnerable

References (20)

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/103766

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040685

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3221

https://access.redhat.com/errata/RHSA-2018:3505

https://access.redhat.com/errata/RHSA-2019:3932

https://access.redhat.com/errata/RHSA-2019:3933

https://access.redhat.com/errata/RHSA-2019:3935

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f

KEV Catalog EPSS Scores Vendors All CVEs