CVE-2018-0737 — Use of a Broken or Risky Cryptographic Algorithm in Openssl

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-320 CWE-385 — Covert Timing Channel18 documents9 sources

Severity

5.9MEDIUMNVD

OSV4.7

EPSS

38.1%

top 2.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl Canonical Ubuntu Linux +1 more

Timeline

PublishedApr 16

Latest updateNov 28

Description

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/openssl< openssl 1.1.0h-3 (bookworm)

▶Debianopenssl/openssl< 1.1.0h-3+3

▶Ubuntuopenssl/openssl< 1.0.1f-1ubuntu2.26+2

▶NVDopenssl/openssl1.0.2b — 1.0.2o+1

▶CVEListV5openssl/opensslFixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o), Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)+1

Also affects: Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-rj52-j648-hww8: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack↗2022-05-13

▶

OSV

openssl, openssl1.0 vulnerabilities↗2018-06-26

▶

OSV

CVE-2018-0737: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack↗2018-04-16

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2018-0015 OpenSSL Vulnerabilities in PAN-OS↗2018-10-12

▶

Ubuntu

OpenSSL vulnerabilities↗2018-06-26

▶

Ubuntu

OpenSSL vulnerabilities↗2018-06-26

▶

Ubuntu

OpenSSL vulnerability↗2018-04-19

▶

Ubuntu

OpenSSL vulnerability↗2018-04-19

▶

📄Research Papers

arXiv

Investigating Black-Box Function Recognition Using Hardware Performance Counters↗2022-11-28

▶

arXiv

Cache Refinement Type for Side-Channel Detection of Cryptographic Software↗2022-10-19

▶

💬Community

Bugzilla

side channel vulnerabilities during RSA key generation↗2020-04-20

▶

Bugzilla

CVE-2018-0737 mingw-openssl: openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys [epel-7]↗2018-04-17

▶

Bugzilla

CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys [fedora-all]↗2018-04-17

▶

Bugzilla

CVE-2018-0737 mingw-openssl: openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys [fedora-all]↗2018-04-17

▶

Bugzilla

CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys↗2018-04-17

▶