CVE-2018-0737

{"id": "CVE-2018-0737", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-04-16T18:29:00.267", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "source": "openssl-security@openssl.org"}, {"url": "http://www.securityfocus.com/bid/103766", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "http://www.securitytracker.com/id/1040685", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3221", "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2018:3505", "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3932", "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3933", "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3935", "source": "openssl-security@openssl.org"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f", "source": "openssl-security@openssl.org"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787", "source": "openssl-security@openssl.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "source": "openssl-security@openssl.org"}, {"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "source": "openssl-security@openssl.org"}, {"url": "https://security.gentoo.org/glsa/201811-21", "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20180726-0003/", "source": "openssl-security@openssl.org"}, {"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3628-1/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3628-2/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3692-1/", "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3692-2/", "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2018/dsa-4348", "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2018/dsa-4355", "source": "openssl-security@openssl.org"}, {"url": "https://www.openssl.org/news/secadv/20180416.txt", "tags": ["Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-12", "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-13", "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-14", "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-17", "source": "openssl-security@openssl.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."}, {"lang": "es", "value": "Se ha demostrado que el algoritmo de generaci\u00f3n de claves RSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral de cach\u00e9. Un atacante con acceso suficiente para montar ataques de sincronizaci\u00f3n de cach\u00e9 durante el proceso de generaci\u00f3n de claves RSA podr\u00eda recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0i-dev (afecta a 1.1.0-1.1.0h). Se ha solucionado en OpenSSL 1.0.2p-dev (afecta a 1.0.2b-1.0.2o)."}], "lastModified": "2023-11-07T02:51:05.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E14A0A5C-7968-4966-B32C-FAFB42644B4F", "versionEndIncluding": "1.0.2o", "versionStartIncluding": "1.0.2b"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF986111-5DDB-4BC8-AF03-14626778AB23", "versionEndIncluding": "1.1.0h", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"}], "operator": "OR"}]}], "sourceIdentifier": "openssl-security@openssl.org"}