CVE-2018-0735

Name
CVE-2018-0735
Description
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://www.openssl.org/news/secadv/20181029.txt
Patch https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
Patch https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1
Third Party Advisory http://www.securitytracker.com/id/1041986
Third Party Advisory http://www.securityfocus.com/bid/105750
Third Party Advisory https://security.netapp.com/advisory/ntap-20181105-0002/
Mailing List https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
Third Party Advisory https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
Third Party Advisory https://www.debian.org/security/2018/dsa-4348
Third Party Advisory https://usn.ubuntu.com/3840-1/
Patch https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
REDHAT https://access.redhat.com/errata/RHSA-2019:3700
MISC https://www.oracle.com/security-alerts/cpujan2020.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:* openssl == None == 1.1.1
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* openssl >= 1.1.0 <= 1.1.0i

Vulnerable and fixed packages

Source package Branch Version Maintainer Status