Use of a Broken or Risky Cryptographic Algorithm
Affecting openssl package, versions <1.0.2g-1ubuntu4.14
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
References
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Advisory
- Debian Security Tracker
- FEDORA
- FEDORA
- FEDORA
- MISC
- MISC
- N/A
- Netapp Security Advisory
- Netapp Security Advisory
- Netapp Security Advisory
- OpenSSL Security Advisory
- OpenSuse Security Announcement
- Oracle Security Advisory
- Oracle Security Advisory
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- SUSE
- Security Focus
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
CVSS Score
5.9
low severity
-
Attack VectorNetwork
-
Attack ComplexityHigh
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityNone
-
AvailabilityNone
- CVE
- CVE-2018-0734
- CWE
- CWE-327
- Snyk ID
- SNYK-UBUNTU1604-OPENSSL-373427
- Disclosed
- 30 Oct, 2018
- Published
- 02 Dec, 2018