CVE-2018-0737
Description
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
36.582
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-0732,CVE-2018-0737 are fixed in OpenSSL (x64) 1.0.2p | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0737 are fixed in OpenSSL (x64) 1.1.0i | Windows |
| Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 10 (10.24.1) | Windows |
| Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 8 8.11.4 | Windows |
| Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 8 (x64) 8.11.4 | Windows |
| Vulnerabilities CVE-2018-0732,CVE-2018-0737,CVE-2018-7166,CVE-2018-12115 are fixed in Node.js 6.14.4 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Nessus 7.1.4 | Windows |
| Vulnerabilities CVE-2018-0732,CVE-2018-0737 are fixed in Nessus 8.0.0 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Tenable Nessus 7.1.4 | Windows |
| Vulnerabilities CVE-2018-0732,CVE-2018-0737 are fixed in Tenable Nessus 8.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3628-1) libssl1.0.0_1.0.1f-1ubuntu2.25_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3628-1) libssl1.0.0_1.0.1f-1ubuntu2.25_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3628-1) libssl1.0.0_1.0.2g-1ubuntu13.5_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3628-1) libssl1.0.0_1.0.2g-1ubuntu13.5_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3628-1) libssl1.0.0_1.0.2g-1ubuntu4.12_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3628-1) libssl1.0.0_1.0.2g-1ubuntu4.12_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.1_1.1.0g-2ubuntu4.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.1_1.1.0g-2ubuntu4.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2n-1ubuntu5.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2n-1ubuntu5.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.1f-1ubuntu2.26_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.1f-1ubuntu2.26_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu13.6_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu13.6_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu4.13_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3692-1) libssl1.0.0_1.0.2g-1ubuntu4.13_amd64.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_i386.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_amd64.deb | Linux |
| SUSE-SU-2018:2486-1(SUSE Linux Enterprise Server 11-SP4 ) libopenssl0_9_8-0.9.8j-0.106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2486-1(SUSE Linux Enterprise Server 11-SP4 ) libopenssl0_9_8-32bit-0.9.8j-0.106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2486-1(SUSE Linux Enterprise Server 11-SP4 ) libopenssl0_9_8-hmac-0.9.8j-0.106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2486-1(SUSE Linux Enterprise Server 11-SP4 ) libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2486-1(SUSE Linux Enterprise Server 11-SP4 ) openssl-0.9.8j-0.106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2486-1(SUSE Linux Enterprise Server 11-SP4 ) openssl-doc-0.9.8j-0.106.15.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) compat-openssl098-debugsource-0.9.8j-106.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-0.9.8j-106.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-32bit-0.9.8j-106.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-0.9.8j-106.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2683-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.6.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl-devel-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-32bit-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-debuginfo-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Server 12-SP3 ) libopenssl1_0_0-hmac-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Server 12-SP3 ) libopenssl1_0_0-hmac-32bit-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-debuginfo-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-debugsource-1.0.2j-60.39.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2928-1(SUSE Linux Enterprise Server 12-SP3 ) openssl-doc-1.0.2j-60.39.1.noarch.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpm | Linux |
| (RHSA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpm | Linux |
| Openssl update (ELSA-2019-2471) openssl-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2019-2471) openssl-devel-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2019-2471) openssl-perl-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux |
| Openssl-static update (ELSA-2019-2471) openssl-static-1.0.1e-58.0.1.el6_10.x86_64.rpm | Linux |
| Openssl update (ELSA-2019-2471) openssl-1.0.1e-58.0.1.el6_10.i686.rpm | Linux |
| Openssl-devel update (ELSA-2019-2471) openssl-devel-1.0.1e-58.0.1.el6_10.i686.rpm | Linux |
| Openssl-perl update (ELSA-2019-2471) openssl-perl-1.0.1e-58.0.1.el6_10.i686.rpm | Linux |
| Openssl-static update (ELSA-2019-2471) openssl-static-1.0.1e-58.0.1.el6_10.i686.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-1.0.2k-16.el7.x86_64.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.i686.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-devel-1.0.2k-16.el7.x86_64.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.i686.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-libs-1.0.2k-16.el7.x86_64.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-perl-1.0.2k-16.el7.x86_64.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.i686.rpm | Linux |
| (CESA-2018:3221) openssl security, bug fix, and enhancement update openssl-static-1.0.2k-16.el7.x86_64.rpm | Linux |
| Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0737) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234