Information Exposure
Affecting openssl package, versions <1.0.2g-1ubuntu4.14
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
References
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Advisory
- Debian Security Announcement
- Debian Security Tracker
- Exploit DB
- Gentoo Security Advisory
- MISC
- MISC
- MISC
- N/A
- Netapp Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- RHSA Security Advisory
- RHSA Security Advisory
- RHSA Security Advisory
- Security Focus
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
CVSS Score
4.7
low severity
-
Attack VectorLocal
-
Attack ComplexityHigh
-
Privileges RequiredLow
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityNone
-
AvailabilityNone
- CVE
- CVE-2018-5407
- CWE
- CWE-200 CWE-203
- Snyk ID
- SNYK-UBUNTU1604-OPENSSL-374456
- Disclosed
- 15 Nov, 2018
- Published
- 02 Dec, 2018