CVE-2018-0734

{"id": "CVE-2018-0734", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-10-30T12:29:00.257", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "http://www.securityfocus.com/bid/105758", "tags": ["Third Party Advisory", "VDB Entry"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2304", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3700", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3932", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3933", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3935", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac", "source": "openssl-security@openssl.org"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", "source": "openssl-security@openssl.org"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", "source": "openssl-security@openssl.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", "source": "openssl-security@openssl.org"}, {"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20181105-0002/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190118-0002/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190423-0002/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://usn.ubuntu.com/3840-1/", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2018/dsa-4348", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.debian.org/security/2018/dsa-4355", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.openssl.org/news/secadv/20181030.txt", "tags": ["Vendor Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-16", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}, {"url": "https://www.tenable.com/security/tns-2018-17", "tags": ["Third Party Advisory"], "source": "openssl-security@openssl.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."}, {"lang": "es", "value": "Se ha demostrado que el algoritmo de firmas DSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral. Un atacante podr\u00eda emplear variaciones en el algoritmo de firma para recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.1a (afecta a 1.1.1). Se ha solucionado en OpenSSL 1.1.0j (afecta a 1.1.0-1.1.0i). Se ha solucionado en OpenSSL 1.0.2q (afecta a 1.0.2-1.0.2p)."}], "lastModified": "2023-11-07T02:51:05.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D942BAB1-862E-455A-AAB5-6E87FA891B92", "versionEndIncluding": "1.0.2p", "versionStartIncluding": "1.0.2"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5953EAB1-D0E8-48EA-B07D-3B828E6BB326", "versionEndIncluding": "1.1.0i", "versionStartIncluding": "1.1.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F69F3542-173D-4E0D-99BB-42FDD206D996"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4", "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "2DEF4845-F577-4B12-AA48-39F0830B128E", "versionEndExcluding": "6.15.0", "versionStartIncluding": "6.9.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5", "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "7E79DFA7-55F8-453A-83E9-1C790902FCB8", "versionEndExcluding": "8.14.0", "versionStartIncluding": "8.9.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031", "versionEndIncluding": "10.12.0", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37", "versionEndExcluding": "11.3.0", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "541EAE2B-5446-46CE-BC91-13188EAD6092"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBF1DFDA-FB66-4CEA-A658-B167326D1D96"}, {"criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}, {"criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9"}, {"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22"}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "913DA418-A144-48CF-85AB-75B64BFD16DD"}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBE38DB6-795A-479B-84A5-3DBA4A101F06"}, {"criteria": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E18AA832-DAC1-41D2-8A7C-2C41F06A2281"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62B31BEE-88C3-431D-8356-AC28F325E76E", "versionEndIncluding": "3.12.3", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4340D49A-E1F8-48B7-BA05-0338293B1A14", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08720A23-3B40-4394-8785-845EFEEFAA87", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CFFE5D2-FB9A-45F9-9FBC-25A6DA9E189A"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092AD60D-99F2-4203-966A-3002E6D9C55B"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "273EAFA7-81C4-41A6-B44A-95BA18D9DCB7"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA25D523-25C4-4EFD-A1BC-0BEEB0EEF8AE"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2DEE1C6-215C-47B5-A92D-E4627AD9D503"}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBE3E82F-DCB6-4E1E-BA08-67C85384BBB5"}, {"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180"}], "operator": "OR"}]}], "sourceIdentifier": "openssl-security@openssl.org"}