PT-2018-2792 · Openssl+6 · Openssl+6

Publicado

2018-10-25

Atualizado

2026-05-18

CVE-2018-0735

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.0 through 1.1.0i OpenSSL version 1.1.1

Description The OpenSSL ECDSA signature algorithm is susceptible to a timing side channel attack. This allows an attacker to potentially recover the private key by exploiting variations in the signing algorithm.

Recommendations For OpenSSL versions 1.1.0 through 1.1.0i, update to version 1.1.0j to resolve the issue. For OpenSSL version 1.1.1, update to version 1.1.1a to resolve the issue.

Correção

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327CWE-320

Identificadores relacionados

ALT-PU-2018-2675

ALT-PU-2019-1183

ALT-PU-2020-1123

ALT-PU-2020-1124

ALT-PU-2020-1125

ALT-PU-2020-1126

ALT-PU-2020-1127

ALT-PU-2020-1436

ALT-PU-2020-1437

ALT-PU-2020-1438

ALT-PU-2020-1439

ALT-PU-2020-1440

BDU:2019-01881

CESA-2019_0483

CESA-2019_3700

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2018-0735

DLA-1586-1

DSA-4348-1

OPENSUSE-SU-2018_3890-1

OPENSUSE-SU-2024:11127-1

RHSA-2019:0483

RHSA-2019:3700

RHSA-2019_0483

RHSA-2019_3700

SUSE-SU-2018:3863-1

SUSE-SU-2018:3945-1

USN-3840-1

Produtos afetados

Alt Linux

Centos

Openssl

Red Hat

Suse

Ubuntu

Virtualbox

PT-2018-2792 · Openssl+6 · Openssl+6

CVE-2018-0735

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 324