CVE - CVE-2018-0735

CVE-ID
CVE-2018-0735	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:105750 URL:http://www.securityfocus.com/bid/105750 CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1 CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 CONFIRM:https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ CONFIRM:https://security.netapp.com/advisory/ntap-20181105-0002/ CONFIRM:https://www.openssl.org/news/secadv/20181029.txt CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html DEBIAN:DSA-4348 URL:https://www.debian.org/security/2018/dsa-4348 MISC:https://www.oracle.com/security-alerts/cpujan2020.html MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html MLIST:[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html REDHAT:RHSA-2019:3700 URL:https://access.redhat.com/errata/RHSA-2019:3700 SECTRACK:1041986 URL:http://www.securitytracker.com/id/1041986 UBUNTU:USN-3840-1 URL:https://usn.ubuntu.com/3840-1/
Assigning CNA
OpenSSL Software Foundation
Date Record Created
20171130	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20171130)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)