CVE-2018-0734 - Medium Severity Vulnerability
Vulnerable Library - opensslOpenSSL_1_1_1w
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
Vulnerable Source Files (1)
/crypto/openssl/crypto/dsa/dsa_ossl.c
Vulnerability Details
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Publish Date: 2018-10-30
URL: CVE-2018-0734
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
Release Date: 2018-10-30
Fix Resolution: 1.0.2q,1.1.0j,1.1.1a,openssl - 1.0.2p,https://github.com/openssl/openssl.git - openssl-1.0.2q,https://github.com/openssl/openssl.git - openssl-1.1.0j,https://github.com/openssl/openssl.git - openssl-1.1.1a
Step up your Open Source Security Game with Mend here
CVE-2018-0734 - Medium Severity Vulnerability
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Publish Date: 2018-10-30
URL: CVE-2018-0734
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
Release Date: 2018-10-30
Fix Resolution: 1.0.2q,1.1.0j,1.1.1a,openssl - 1.0.2p,https://github.com/openssl/openssl.git - openssl-1.0.2q,https://github.com/openssl/openssl.git - openssl-1.1.0j,https://github.com/openssl/openssl.git - openssl-1.1.1a
Step up your Open Source Security Game with Mend here