Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-0734

Опубликовано: 16 окт. 2018
Источник: redhat
CVSS3: 5.1
EPSS Низкий

Описание

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6opensslWill not fix
Red Hat Enterprise Linux 6openssl098eWill not fix
Red Hat Enterprise Linux 7openssl098eWill not fix
Red Hat Enterprise Linux 7OVMFWill not fix
Red Hat Enterprise Linux 8compat-openssl10Will not fix
Red Hat Enterprise Linux 8mingw-opensslFix deferred
Red Hat JBoss Enterprise Application Platform 6opensslFix deferred
Red Hat JBoss Enterprise Web Server 2opensslWill not fix
Red Hat JBoss Web Server 3opensslAffected
JBoss Core Services on RHEL 6jbcs-httpd24-aprFixedRHSA-2019:393220.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-385
https://bugzilla.redhat.com/show_bug.cgi?id=1644364openssl: timing side channel attack in the DSA signature algorithm

EPSS

Процентиль: 87%
0.03469
Низкий

5.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-0734

CVSS3: 5.9
ubuntu
около 7 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

nvd логотип

CVE-2018-0734

CVSS3: 5.9
nvd
около 7 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

msrc логотип

CVE-2018-0734

CVSS3: 5.9
msrc
больше 4 лет назад

Timing attack against DSA

debian логотип

CVE-2018-0734

CVSS3: 5.9
debian
около 7 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to ...

github логотип

GHSA-93g8-hm6f-hrw3

CVSS3: 5.9
github
больше 3 лет назад

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

EPSS

Процентиль: 87%
0.03469
Низкий

5.1 Medium

CVSS3