Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2018-5407 — Sensitive Information Exposure in Node.js
Severity
4.7MEDIUMNVD
EPSS
0.8%
top 25.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedNov 15
Latest updateMay 13
Description
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6
Affected Packages16 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-3rjg-j575-7f6p: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing att↗2022-05-13
OSV▶
CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing att↗2018-11-15
CVEList▶
CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing att↗2018-11-15
💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2018-5407 compat-openssl10: openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) [fedora-all]↗2018-11-02
Bugzilla▶
CVE-2018-5407 mingw-openssl: openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) [epel-7]↗2018-11-02
Bugzilla▶
CVE-2018-5407 mingw-openssl: openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) [fedora-all]↗2018-11-02
Bugzilla▶
CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)↗2018-11-02