Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-0734

Опубликовано: 30 окт. 2018
Источник: debian
EPSS Низкий

Описание

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
opensslfixed1.1.1a-1package
opensslpostponedjessiepackage
openssl1.0fixed1.0.2q-1package

Примечания

  • https://www.openssl.org/news/secadv/20181030.txt

  • OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f

  • OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7

  • OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac

  • Actually the version in Jessie is not vulnerable. Nevertheless there is a bug fix which

  • futher reduces the amount of leaked timing information. It got no CVE on its own and

  • introduced this vulnerability. In order to not forget this issue and probably get more

  • information about it later, it is marked as <postponed> instead of <not-affected>

  • https://git.openssl.org/?p=openssl.git;a=commitdiff;h=b96bebacfe814deb99fb64a3ed2296d95c573600

EPSS

Процентиль: 90%
0.06051
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-0734

CVSS3: 5.9
ubuntu
больше 6 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

redhat логотип

CVE-2018-0734

CVSS3: 5.1
redhat
больше 6 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

nvd логотип

CVE-2018-0734

CVSS3: 5.9
nvd
больше 6 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

msrc логотип

CVE-2018-0734

CVSS3: 5.9
msrc
около 4 лет назад

Описание отсутствует

github логотип

GHSA-93g8-hm6f-hrw3

CVSS3: 5.9
github
около 3 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

EPSS

Процентиль: 90%
0.06051
Низкий