CVE-2018-0734

Severity CVSS v4.0:
Pending analysis
Type:
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Publication date:
30/10/2018
Last modified:
07/11/2023

Description

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.0.2 (including) | 1.0.2p (including) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.1.0 (including) | 1.1.0i (including) |
| cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* | 6.0.0 (including) | 6.8.1 (including) |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* | 6.9.0 (including) | 6.15.0 (excluding) |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* | 8.0.0 (including) | 8.8.1 (including) |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* | 8.9.0 (including) | 8.14.0 (excluding) |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* | 10.0.0 (including) | 10.12.0 (including) |
| cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* | 11.0.0 (including) | 11.3.0 (excluding) |
| cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:* | | |


References to Advisories, Solutions, and Tools