CVE-2018-0735
Summary
| CVE | CVE-2018-0735 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-29 13:29:00 UTC |
| Updated | 2023-11-07 02:51:00 UTC |
| Description | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). |
Risk And Classification
Problem Types: CWE-327
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Hardware | Netapp | Cn1610 | - | All | All | All |
| Operating System | Netapp | Cn1610 Firmware | - | All | All | All |
| Application | Netapp | Element Software | - | All | All | All |
| Application | Netapp | Oncommand Unified Manager | All | All | All | All |
| Application | Netapp | Santricity Smi-s Provider | - | All | All | All |
| Application | Netapp | Smi-s Provider | - | All | All | All |
| Application | Netapp | Snapdrive | - | All | All | All |
| Application | Netapp | Steelstore | - | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | 10.13.0 | All | All | All |
| Application | Openssl | Openssl | 1.1.1 | All | All | All |
| Application | Openssl | Openssl | All | All | All | All |
| Application | Oracle | Api Gateway | 11.1.2.4.0 | All | All | All |
| Application | Oracle | Application Server | 0.9.8 | All | All | All |
| Application | Oracle | Application Server | 1.0.0 | All | All | All |
| Application | Oracle | Application Server | 1.0.1 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 12.1.0.5.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.2.0.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.3.0.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.3.3 | All | All | All |
| Application | Oracle | Mysql | All | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.55 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.56 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.57 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 15.2 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 16.1 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 16.2 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 18.8 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | 8.4 | All | All | All |
| Application | Oracle | Primavera P6 Enterprise Project Portfolio Management | All | All | All | All |
| Application | Oracle | Secure Global Desktop | 5.4 | All | All | All |
| Application | Oracle | Tuxedo | 12.1.1.0.0 | All | All | All |
| Application | Oracle | Vm Virtualbox | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OpenSSL CVE-2018-0735 Side Channel Attack Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| git.openssl.org Git - openssl.git/commitdiff | | git.openssl.org | |
| www.openssl.org/news/secadv/20181029.txt | CONFIRM | www.openssl.org | Vendor Advisory |
| Debian -- Security Information -- DSA-4348-1 openssl | DEBIAN | www.debian.org | Third Party Advisory |
| git.openssl.org Git - openssl.git/commitdiff | CONFIRM | git.openssl.org | Patch, Third Party Advisory |
| November 2018 Security Releases \| Node.js | CONFIRM | nodejs.org | Third Party Advisory |
| Oracle Critical Patch Update - January 2019 | CONFIRM | www.oracle.com | Patch, Third Party Advisory |
| OpenSSL ECDSA Signature Algorithm Lets Remote Users Obtain Passwords on the Target System in Certain Cases - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update - July 2019 | MISC | www.oracle.com | |
| [SECURITY] [DLA 1586-1] openssl security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| git.openssl.org Git - openssl.git/commitdiff | CONFIRM | git.openssl.org | Patch, Third Party Advisory |
| October 2018 OpenSSL Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - January 2020 | MISC | www.oracle.com | |
| USN-3840-1: OpenSSL vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| git.openssl.org Git - openssl.git/commitdiff | | git.openssl.org | |
| Oracle Critical Patch Update Advisory - April 2019 | MISC | www.oracle.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Samuel Weiser
Legacy QID Mappings
- 296075 Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)
- 500432 Alpine Linux Security Update for nodejs
- 500491 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
- 500559 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
- 500758 Alpine Linux Security Update for openssl
- 501095 Alpine Linux Security Update for nodejs-current
- 501158 Alpine Linux Security Update for openssl
- 501977 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
- 502896 Alpine Linux Security Update for openssl1.1-compat
- 504195 Alpine Linux Security Update for nodejs
- 504250 Alpine Linux Security Update for openssl
- 690638 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (238ae7de-dba2-11e8-b713-b499baebfeaf)