PT-2018-2792 · Openssl+6 · Openssl+6

Published

2018-10-25

Updated

2026-05-18

CVE-2018-0735

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.0 through 1.1.0i OpenSSL version 1.1.1

Description The OpenSSL ECDSA signature algorithm is susceptible to a timing side channel attack. This allows an attacker to potentially recover the private key by exploiting variations in the signing algorithm.

Recommendations For OpenSSL versions 1.1.0 through 1.1.0i, update to version 1.1.0j to resolve the issue. For OpenSSL version 1.1.1, update to version 1.1.1a to resolve the issue.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327CWE-320

Related Identifiers

ALT-PU-2018-2675

ALT-PU-2019-1183

ALT-PU-2020-1123

ALT-PU-2020-1124

ALT-PU-2020-1125

ALT-PU-2020-1126

ALT-PU-2020-1127

ALT-PU-2020-1436

ALT-PU-2020-1437

ALT-PU-2020-1438

ALT-PU-2020-1439

ALT-PU-2020-1440

BDU:2019-01881

CESA-2019_0483

CESA-2019_3700

CLEANSTART-2026-BD71263

CLEANSTART-2026-IS74202

CLEANSTART-2026-JR35772

CLEANSTART-2026-JY06700

CLEANSTART-2026-KN34553

CLEANSTART-2026-KZ45320

CLEANSTART-2026-LJ44720

CLEANSTART-2026-LN12820

CLEANSTART-2026-TX00223

CLEANSTART-2026-WI75198

CVE-2018-0735

DLA-1586-1

DSA-4348-1

OPENSUSE-SU-2018_3890-1

OPENSUSE-SU-2024:11127-1

RHSA-2019:0483

RHSA-2019:3700

RHSA-2019_0483

RHSA-2019_3700

SUSE-SU-2018:3863-1

SUSE-SU-2018:3945-1

USN-3840-1

Affected Products

Alt Linux

Centos

Openssl

Red Hat

Suse

Ubuntu

Virtualbox

PT-2018-2792 · Openssl+6 · Openssl+6

CVE-2018-0735

Weakness Enumeration

Related Identifiers

Affected Products

References · 324