admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 02:31:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-07xx/CVE-2018-0737.json

292 lines
9.3 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2018-0737",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2018-04-16T18:29:00.267",
"lastModified": "2021-07-20T23:15:12.827",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)."
},
{
"lang": "es",
"value": "Se ha demostrado que el algoritmo de generaci\u00f3n de claves RSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral de cach\u00e9. Un atacante con acceso suficiente para montar ataques de sincronizaci\u00f3n de cach\u00e9 durante el proceso de generaci\u00f3n de claves RSA podr\u00eda recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0i-dev (afecta a 1.1.0-1.1.0h). Se ha solucionado en OpenSSL 1.0.2p-dev (afecta a 1.0.2b-1.0.2o)."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.2b",
"versionEndIncluding": "1.0.2o",
"matchCriteriaId": "E14A0A5C-7968-4966-B32C-FAFB42644B4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.0h",
"matchCriteriaId": "BF986111-5DDB-4BC8-AF03-14626778AB23"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"
}
]
}
]
}
],
"references": [
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"source": "openssl-security@openssl.org"
},
{
"url": "http://www.securityfocus.com/bid/103766",
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1040685",
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:3221",
"source": "openssl-security@openssl.org"
},
{
"url": "https://access.redhat.com/errata/RHSA-2018:3505",
"source": "openssl-security@openssl.org"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3932",
"source": "openssl-security@openssl.org"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3933",
"source": "openssl-security@openssl.org"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3935",
"source": "openssl-security@openssl.org"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f",
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787",
"source": "openssl-security@openssl.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html",
"source": "openssl-security@openssl.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://security.gentoo.org/glsa/201811-21",
"source": "openssl-security@openssl.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180726-0003/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
"source": "openssl-security@openssl.org"
},
{
"url": "https://usn.ubuntu.com/3628-1/",
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/3628-2/",
"source": "openssl-security@openssl.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/3692-1/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://usn.ubuntu.com/3692-2/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.debian.org/security/2018/dsa-4348",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.debian.org/security/2018/dsa-4355",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.openssl.org/news/secadv/20180416.txt",
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.tenable.com/security/tns-2018-12",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.tenable.com/security/tns-2018-13",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.tenable.com/security/tns-2018-14",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.tenable.com/security/tns-2018-17",
"source": "openssl-security@openssl.org"
}
]
}
Reference in New Issue Copy Permalink