CVE-2018-0735
Description
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
7.042
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-0734,CVE-2018-0735 are fixed in OpenSSL (x64) 1.1.0j | Windows |
| Vulnerabilities CVE-2018-0734,CVE-2018-0735 are fixed in OpenSSL (x64) 1.1.1a | Windows |
| Multiple Vulnerabilities are affected in Mysql 8.0.13 | Windows |
| Multiple Vulnerabilities are affected in Mysql 8.0.5 | Windows |
| Vulnerability CVE-2018-0735 are affected in Oracle VM VirtualBox 5.2.34 | Windows |
| Multiple vulnerabilities are fixed in Node.js (11.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js (x64)(11.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 10 (10.24.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (x64) (16.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (16.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 8.14.0 | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 (x64) 8.14.0 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 8.4 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 15.1 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 15.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 16.1 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 16.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 17.12 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 18.8 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.1-1ubuntu2.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.1-1ubuntu2.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.0g-2ubuntu4.3_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.0g-2ubuntu4.3_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu5.2_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu5.2_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu6.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu6.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.1f-1ubuntu2.27_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.1f-1ubuntu2.27_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2g-1ubuntu4.14_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2g-1ubuntu4.14_amd64.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_i386.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_amd64.deb | Linux |
| Multiple Vulnerabilities are affected in Mysql 8.0.13 (For Linux) | Linux |
| Multiple Vulnerabilities are affected in Mysql 8.0.5 (For Linux) | Linux |
| Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-342239 | Oracle VM VirtualBox (7.1.4) |
| PATCH-309917 | Node.js (11.15.0) |
| PATCH-309918 | Node.js (x64)(11.15.0) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-332182 | Node.js 16 (x64) (16.20.2) |
| PATCH-332181 | Node.js 16 (16.20.2) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234