{"containers": {"cna": {"affected": [{"product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"status": "affected", "version": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"}, {"status": "affected", "version": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)"}]}], "credits": [{"lang": "en", "value": "Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia"}], "datePublic": "2018-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."}], "metrics": [{"other": {"content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Low", "value": "Low"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "Constant time issue", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T22:53:10", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl"}, "references": [{"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"}, {"name": "DSA-4355", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4355"}, {"name": "USN-3628-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3628-2/"}, {"name": "GLSA-201811-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201811-21"}, {"name": "USN-3692-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3692-2/"}, {"name": "RHSA-2018:3505", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3505"}, {"name": "103766", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103766"}, {"name": "USN-3692-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3692-1/"}, {"name": "RHSA-2018:3221", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3221"}, {"name": "DSA-4348", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4348"}, {"name": "1040685", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040685"}, {"name": "USN-3628-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3628-1/"}, {"name": "FEDORA-2019-db06efdea1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"name": "FEDORA-2019-00c25b9379", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"name": "FEDORA-2019-9a0a7c0986", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2018-14"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2018-13"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2018-17"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2018-12"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openssl.org/news/secadv/20180416.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180726-0003/"}], "title": "Cache timing vulnerability in RSA Key Generation", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2018-04-16", "ID": "CVE-2018-0737", "STATE": "PUBLIC", "TITLE": "Cache timing vulnerability in RSA Key Generation"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenSSL", "version": {"version_data": [{"version_value": "Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h)"}, {"version_value": "Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)"}]}}]}, "vendor_name": "OpenSSL"}]}}, "credit": [{"lang": "eng", "value": "Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."}]}, "impact": [{"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Low", "value": "Low"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Constant time issue"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"}, {"name": "DSA-4355", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4355"}, {"name": "USN-3628-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3628-2/"}, {"name": "GLSA-201811-21", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201811-21"}, {"name": "USN-3692-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3692-2/"}, {"name": "RHSA-2018:3505", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3505"}, {"name": "103766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103766"}, {"name": "USN-3692-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3692-1/"}, {"name": "RHSA-2018:3221", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3221"}, {"name": "DSA-4348", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4348"}, {"name": "1040685", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040685"}, {"name": "USN-3628-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3628-1/"}, {"name": "FEDORA-2019-db06efdea1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"name": "FEDORA-2019-00c25b9379", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"name": "FEDORA-2019-9a0a7c0986", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "https://www.tenable.com/security/tns-2018-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-14"}, {"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", "refsource": "CONFIRM", "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"}, {"name": "https://www.tenable.com/security/tns-2018-13", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-13"}, {"name": "https://www.tenable.com/security/tns-2018-17", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-17"}, {"name": "https://www.tenable.com/security/tns-2018-12", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-12"}, {"name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"}, {"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"}, {"name": "https://www.openssl.org/news/secadv/20180416.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20180416.txt"}, {"name": "https://security.netapp.com/advisory/ntap-20180726-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180726-0003/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:35:49.323Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"}, {"name": "DSA-4355", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4355"}, {"name": "USN-3628-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3628-2/"}, {"name": "GLSA-201811-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201811-21"}, {"name": "USN-3692-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3692-2/"}, {"name": "RHSA-2018:3505", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3505"}, {"name": "103766", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103766"}, {"name": "USN-3692-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3692-1/"}, {"name": "RHSA-2018:3221", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3221"}, {"name": "DSA-4348", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4348"}, {"name": "1040685", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040685"}, {"name": "USN-3628-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3628-1/"}, {"name": "FEDORA-2019-db06efdea1", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"name": "FEDORA-2019-00c25b9379", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"name": "FEDORA-2019-9a0a7c0986", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2018-14"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2018-13"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2018-17"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2018-12"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20180416.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180726-0003/"}]}]}, "cveMetadata": {"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2018-0737", "datePublished": "2018-04-16T17:00:00Z", "dateReserved": "2017-11-30T00:00:00", "dateUpdated": "2024-09-17T03:53:55.729Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "E14A0A5C-7968-4966-B32C-FAFB42644B4F", "versionEndIncluding": "1.0.2o", "versionStartIncluding": "1.0.2b", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF986111-5DDB-4BC8-AF03-14626778AB23", "versionEndIncluding": "1.1.0h", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."}, {"lang": "es", "value": "Se ha demostrado que el algoritmo de generaci\u00f3n de claves RSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral de cach\u00e9. Un atacante con acceso suficiente para montar ataques de sincronizaci\u00f3n de cach\u00e9 durante el proceso de generaci\u00f3n de claves RSA podr\u00eda recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0i-dev (afecta a 1.1.0-1.1.0h). Se ha solucionado en OpenSSL 1.0.2p-dev (afecta a 1.0.2b-1.0.2o)."}], "id": "CVE-2018-0737", "lastModified": "2023-11-07T02:51:05.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-16T18:29:00.267", "references": [{"source": "openssl-security@openssl.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103766"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040685"}, {"source": "openssl-security@openssl.org", "url": "https://access.redhat.com/errata/RHSA-2018:3221"}, {"source": "openssl-security@openssl.org", "url": "https://access.redhat.com/errata/RHSA-2018:3505"}, {"source": "openssl-security@openssl.org", "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"source": "openssl-security@openssl.org", "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"source": "openssl-security@openssl.org", "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"}, {"source": "openssl-security@openssl.org", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"}, {"source": "openssl-security@openssl.org", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}, {"source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/201811-21"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20180726-0003/"}, {"source": "openssl-security@openssl.org", "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3628-1/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3628-2/"}, {"source": "openssl-security@openssl.org", "url": "https://usn.ubuntu.com/3692-1/"}, {"source": "openssl-security@openssl.org", "url": "https://usn.ubuntu.com/3692-2/"}, {"source": "openssl-security@openssl.org", "url": "https://www.debian.org/security/2018/dsa-4348"}, {"source": "openssl-security@openssl.org", "url": "https://www.debian.org/security/2018/dsa-4355"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20180416.txt"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "openssl-security@openssl.org", "url": "https://www.tenable.com/security/tns-2018-12"}, {"source": "openssl-security@openssl.org", "url": "https://www.tenable.com/security/tns-2018-13"}, {"source": "openssl-security@openssl.org", "url": "https://www.tenable.com/security/tns-2018-14"}, {"source": "openssl-security@openssl.org", "url": "https://www.tenable.com/security/tns-2018-17"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2018:3221", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.2k-16.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}, {"advisory": "RHSA-2019:3935", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "openssl", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2019-11-20T00:00:00Z"}], "bugzilla": {"description": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys", "id": "1568253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-385", "details": ["The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).", "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key."], "name": "CVE-2018-0737", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "OVMF", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2018-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-0737\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0737\nhttp://www.openwall.com/lists/oss-security/2018/04/16/3\nhttps://www.openssl.org/news/secadv/20180416.txt"], "threat_severity": "Low", "upstream_fix": "openssl 1.1.0i, openssl 1.0.2p"}