CVE-2018-0734
published 2018-10-30CVE-2018-0734: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm…
medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Affected
48 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.1.1a-1 (bookworm) | openssl 1.1.1a-1 (bookworm) |
| msrc | cm1_nodejs_14.17.2-1_on_cbl_mariner_1.0 | — | — |
| nodejs | node.js | — | — |
| nodejs | node.js | 10.0.0 – 10.12.0 | — |
| nodejs | node.js | >= 11.0.0 < 11.3.0 | 11.3.0 |
| nodejs | node.js | 6.0.0 – 6.8.1 | — |
| nodejs | node.js | >= 6.9.0 < 6.15.0 | 6.15.0 |
| nodejs | node.js | 8.0.0 – 8.8.1 | — |
| nodejs | node.js | >= 8.9.0 < 8.14.0 | 8.14.0 |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.27 | 1.0.1f-1ubuntu2.27 |
| openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.14 | 1.0.2g-1ubuntu4.14 |
| openssl | openssl | >= 0 < 1.1.0g-2ubuntu4.3 | 1.1.0g-2ubuntu4.3 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.9MEDIUM