← voltar
CVE-2018-0737

Cache timing vulnerability in RSA Key Generation

EPSS 12.0%
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 12.0%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
16 abr 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
Produtos afetados
OpenSSL · OpenSSL

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2018:3221https://access.redhat.com/errata/RHSA-2018:3505https://access.redhat.com/errata/RHSA-2019:3932https://access.redhat.com/errata/RHSA-2019:3933https://access.redhat.com/errata/RHSA-2019:3935https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3fhttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787https://lists.debian.org/debian-lts-announce/2018/07/msg00043.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/