cbcvebase.
CVE-2018-0737
published 2018-04-16

CVE-2018-0737: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount…

PriorityP339medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
EPSS
12.05%
95.6th percentile
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Affected

16 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianopenssl< openssl 1.1.0h-3 (bookworm)openssl 1.1.0h-3 (bookworm)
opensslopenssl
opensslopenssl
opensslopenssl>= 0 < 1.1.0h-31.1.0h-3
opensslopenssl>= 0 < 1.1.0h-31.1.0h-3
opensslopenssl>= 0 < 1.1.0h-31.1.0h-3
opensslopenssl>= 0 < 1.1.0h-31.1.0h-3
opensslopenssl>= 0 < 1.0.1f-1ubuntu2.261.0.1f-1ubuntu2.26
opensslopenssl>= 0 < 1.0.2g-1ubuntu4.131.0.2g-1ubuntu4.13
opensslopenssl>= 0 < 1.1.0g-2ubuntu4.11.1.0g-2ubuntu4.1
opensslopenssl1.0.2b – 1.0.2o
opensslopenssl1.1.0 – 1.1.0h
paloaltopan-os

CVSS provenance

nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv5.9MEDIUM
vendor_debian5.9LOW
vendor_redhat5.9MEDIUM
vendor_ubuntu4.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.