CVE-2018-0735
EUVD-2018-154529.10.2018, 13:29
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 1.1.0 ≤ 𝑥 ≤ 1.1.0i |
| openssl | openssl | 1.1.1 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| nodejs | node.js | 10.0.0 ≤ 𝑥 < 10.12.0 |
| nodejs | node.js | 11.0.0 ≤ 𝑥 < 11.3.0 |
| nodejs | node.js | 10.13.0 |
| netapp | cn1610_firmware | - |
| netapp | cloud_backup | - |
| netapp | element_software | - |
| netapp | oncommand_unified_manager | * |
| netapp | oncommand_unified_manager | 9.4 ≤ |
| netapp | santricity_smi-s_provider | - |
| netapp | smi-s_provider | - |
| netapp | snapdrive | - |
| netapp | snapdrive | - |
| netapp | steelstore | - |
| oracle | api_gateway | 11.1.2.4.0 |
| oracle | application_server | 0.9.8 |
| oracle | application_server | 1.0.0 |
| oracle | application_server | 1.0.1 |
| oracle | enterprise_manager_base_platform | 12.1.0.5.0 |
| oracle | enterprise_manager_base_platform | 13.2.0.0.0 |
| oracle | enterprise_manager_base_platform | 13.3.0.0.0 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | mysql | 𝑥 ≤ 5.6.42 |
| oracle | mysql | 5.7.0 ≤ 𝑥 ≤ 5.7.24 |
| oracle | mysql | 8.0.0 ≤ 𝑥 ≤ 8.0.13 |
| oracle | peoplesoft_enterprise_peopletools | 8.55 |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 17.7 ≤ 𝑥 ≤ 17.12 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 8.4 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.1 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 15.2 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.1 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.2 |
| oracle | primavera_p6_enterprise_project_portfolio_management | 18.8 |
| oracle | secure_global_desktop | 5.4 |
| oracle | tuxedo | 12.1.1.0.0 |
| oracle | vm_virtualbox | 𝑥 < 6.0.0 |
| oracle | vm_virtualbox | 5.0.0 ≤ 𝑥 < 5.2.24 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssl |
| ||||||||||||||||||
| openssl098 |
| ||||||||||||||||||
| openssl1.0 |
|
Common Weakness Enumeration
References