CVE-2018-0735
published 2018-10-29CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing…
medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.1.1a-1 (bookworm) | openssl 1.1.1a-1 (bookworm) |
| netapp | oncommand_unified_manager | >= 9.4 | — |
| nodejs | node.js | — | — |
| nodejs | node.js | >= 10.0.0 < 10.12.0 | 10.12.0 |
| nodejs | node.js | >= 11.0.0 < 11.3.0 | 11.3.0 |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.1.1a-1 | 1.1.1a-1 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.27 | 1.0.1f-1ubuntu2.27 |
| openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.14 | 1.0.2g-1ubuntu4.14 |
| openssl | openssl | >= 0 < 1.1.0g-2ubuntu4.3 | 1.1.0g-2ubuntu4.3 |
| openssl | openssl | 1.1.0 – 1.1.0i | — |
| oracle | api_gateway | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.9MEDIUM