PT-2018-2071 · Openssl+6 · Openssl+6

Published

2018-04-11

·

Updated

2024-06-15

·

CVE-2018-0737

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2b through 1.0.2o OpenSSL versions 1.1.0 through 1.1.0h
Description The OpenSSL RSA Key generation algorithm is susceptible to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The issue is related to errors in cryptographic transformations.
Recommendations For OpenSSL versions 1.0.2b through 1.0.2o, update to OpenSSL 1.0.2p-dev or later. For OpenSSL versions 1.1.0 through 1.1.0h, update to OpenSSL 1.1.0i-dev or later.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-310CWE-327

Related Identifiers

ALT-PU-2018-2232
BDU:2019-00021
CESA-2018_3221
CVE-2018-0737
DLA-1449-1
DSA-4348-1
DSA-4355-1
MGASA-2018-0365
OPENSUSE-SU-2018_2695-1
OPENSUSE-SU-2018_2957-1
OPENSUSE-SU-2018_3015-1
OPENSUSE-SU-2019:0152-1
OPENSUSE-SU-2019_0152-1
OPENSUSE-SU-2024:11126-1
OPENSUSE-SU-2024:11127-1
RHSA-2018:3221
RHSA-2018_3221
RHSA-2019:3932
RHSA-2019:3933
SUSE-FU-2022:0445-1
SUSE-SU-2018:2486-1
SUSE-SU-2018:2492-1
SUSE-SU-2018:2545-1
SUSE-SU-2018:2683-1
SUSE-SU-2018:2928-1
SUSE-SU-2018:2928-2
SUSE-SU-2018:2965-1
SUSE-SU-2018:3864-1
SUSE-SU-2018:3864-2
SUSE-SU-2018_2486-1
SUSE-SU-2018_2492-1
SUSE-SU-2018_2928-1
SUSE-SU-2018_2928-2
SUSE-SU-2019:0197-1
SUSE-SU-2019:1553-1
SUSE-SU-2019_0197-1
USN-3628-1
USN-3628-2
USN-3692-1
USN-3692-2

Affected Products

Alt Linux
Centos
Ibm Aix
Openssl
Red Hat
Suse
Ubuntu