PT-2018-2071 · Openssl+6 · Openssl+6

Publicado

2018-04-11

·

Atualizado

2024-06-15

·

CVE-2018-0737

CVSS v2.0

7.1

Alta

VetorAV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2b through 1.0.2o OpenSSL versions 1.1.0 through 1.1.0h
Description The OpenSSL RSA Key generation algorithm is susceptible to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The issue is related to errors in cryptographic transformations.
Recommendations For OpenSSL versions 1.0.2b through 1.0.2o, update to OpenSSL 1.0.2p-dev or later. For OpenSSL versions 1.1.0 through 1.1.0h, update to OpenSSL 1.1.0i-dev or later.

Correção

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310CWE-327

Identificadores relacionados

ALT-PU-2018-2232
BDU:2019-00021
CESA-2018_3221
CVE-2018-0737
DLA-1449-1
DSA-4348-1
DSA-4355-1
MGASA-2018-0365
OPENSUSE-SU-2018_2695-1
OPENSUSE-SU-2018_2957-1
OPENSUSE-SU-2018_3015-1
OPENSUSE-SU-2019:0152-1
OPENSUSE-SU-2019_0152-1
OPENSUSE-SU-2024:11126-1
OPENSUSE-SU-2024:11127-1
RHSA-2018:3221
RHSA-2018_3221
RHSA-2019:3932
RHSA-2019:3933
SUSE-FU-2022:0445-1
SUSE-SU-2018:2486-1
SUSE-SU-2018:2492-1
SUSE-SU-2018:2545-1
SUSE-SU-2018:2683-1
SUSE-SU-2018:2928-1
SUSE-SU-2018:2928-2
SUSE-SU-2018:2965-1
SUSE-SU-2018:3864-1
SUSE-SU-2018:3864-2
SUSE-SU-2018_2486-1
SUSE-SU-2018_2492-1
SUSE-SU-2018_2928-1
SUSE-SU-2018_2928-2
SUSE-SU-2019:0197-1
SUSE-SU-2019:1553-1
SUSE-SU-2019_0197-1
USN-3628-1
USN-3628-2
USN-3692-1
USN-3692-2

Produtos afetados

Alt Linux
Centos
Ibm Aix
Openssl
Red Hat
Suse
Ubuntu