CVE-2018-0734
Description
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
6.051
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-0734,CVE-2018-0735 are fixed in OpenSSL (x64) 1.1.0j | Windows |
| Vulnerabilities CVE-2018-0734,CVE-2018-0735 are fixed in OpenSSL (x64) 1.1.1a | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0734 are fixed in OpenSSL (x64) 1.0.2q | Windows |
| Multiple Vulnerabilities are affected in Mysql 8.0.13 | Windows |
| Vulnerabilities CVE-2018-0734 are fixed in Oracle VM VirtualBox (6.0.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js (11.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js (x64)(11.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 10 (10.24.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (x64) (16.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (16.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 8.14.0 | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 (x64) 8.14.0 | Windows |
| Multiple vulnerabilities are affected in Mysql 5.6.42 | Windows |
| Multiple vulnerabilities are affected in Mysql 5.7.24 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Nessus 7.1.4 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0734 are fixed in Nessus 8.1.1 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Tenable Nessus 7.1.4 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0734 are fixed in Tenable Nessus 8.1.1 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter - | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 | Windows |
| Vulnerabilities CVE-2016-1000031,CVE-2018-0732,CVE-2018-0734,CVE-2018-19362,CVE-2019-2512 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 17.12 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.1-1ubuntu2.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.1-1ubuntu2.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.0g-2ubuntu4.3_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.0g-2ubuntu4.3_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu5.2_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu5.2_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu6.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu6.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.1f-1ubuntu2.27_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.1f-1ubuntu2.27_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2g-1ubuntu4.14_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2g-1ubuntu4.14_amd64.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_i386.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_amd64.deb | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl-devel-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-debuginfo-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-debuginfo-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-debugsource-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Server 12-SP3 ) libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Server 12-SP3 ) libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Server 12-SP3 ) openssl-doc-1.0.2j-60.46.1.noarch.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-debuginfo-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssl-1_0_0-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssl-1_0_0-debuginfo-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssl-1_0_0-debugsource-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Server 12-SP4 ) openssl-1_0_0-doc-1.0.2p-3.3.1.noarch.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) compat-openssl098-debugsource-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.9.1.x86_64.rpm | Linux |
| Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0734) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-310858 | Oracle VM VirtualBox (6.0.12) |
| PATCH-309917 | Node.js (11.15.0) |
| PATCH-309918 | Node.js (x64)(11.15.0) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-332182 | Node.js 16 (x64) (16.20.2) |
| PATCH-332181 | Node.js 16 (16.20.2) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234