Vulnerabilities related to oracle - mysql_enterprise_backup
cve-2018-0734
Vulnerability from cvelistv5
Published
2018-10-30 12:00
Modified
2024-09-16 23:10
Summary
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:35:49.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "USN-3840-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3840-1/", }, { name: "DSA-4355", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20181105-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-17", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-16", }, { name: "105758", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105758", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7", }, { name: "DSA-4348", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20181030.txt", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { name: "openSUSE-SU-2019:1547", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "openSUSE-SU-2019:1814", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", }, { name: "RHSA-2019:2304", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "FEDORA-2019-db06efdea1", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3700", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3700", }, { name: "RHSA-2019:3933", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2019:3933", }, { name: "RHSA-2019:3935", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { name: "RHSA-2019:3932", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)", }, { status: "affected", version: "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)", }, { status: "affected", version: "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)", }, ], }, ], credits: [ { lang: "en", value: "Samuel Weiser", }, ], datePublic: "2018-10-30T00:00:00", descriptions: [ { lang: "en", value: "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Low", value: "Low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Constant time issue", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T21:06:42", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "USN-3840-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3840-1/", }, { name: "DSA-4355", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20181105-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-17", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-16", }, { name: "105758", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105758", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7", }, { name: "DSA-4348", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://www.openssl.org/news/secadv/20181030.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { name: "openSUSE-SU-2019:1547", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "openSUSE-SU-2019:1814", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", }, { name: "RHSA-2019:2304", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "FEDORA-2019-db06efdea1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3700", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3700", }, { name: "RHSA-2019:3933", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { name: "RHSA-2019:3935", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { name: "RHSA-2019:3932", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "Timing attack against DSA", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2018-10-30", ID: "CVE-2018-0734", STATE: "PUBLIC", TITLE: "Timing attack against DSA", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)", }, { version_value: "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)", }, { version_value: "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "Samuel Weiser", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Low", value: "Low", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Constant time issue", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "USN-3840-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3840-1/", }, { name: "DSA-4355", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4355", }, { name: "https://security.netapp.com/advisory/ntap-20181105-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20181105-0002/", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", }, { name: "https://www.tenable.com/security/tns-2018-17", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-17", }, { name: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", refsource: "CONFIRM", url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { name: "https://www.tenable.com/security/tns-2018-16", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-16", }, { name: "105758", refsource: "BID", url: "http://www.securityfocus.com/bid/105758", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7", }, { name: "DSA-4348", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4348", }, { name: 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac", }, { name: "https://www.openssl.org/news/secadv/20181030.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20181030.txt", }, { name: "https://security.netapp.com/advisory/ntap-20190118-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://security.netapp.com/advisory/ntap-20190423-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { name: "openSUSE-SU-2019:1547", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "openSUSE-SU-2019:1814", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", }, { name: "RHSA-2019:2304", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "FEDORA-2019-db06efdea1", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3700", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3700", }, { name: "RHSA-2019:3933", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { name: "RHSA-2019:3935", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { name: "RHSA-2019:3932", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2018-0734", datePublished: "2018-10-30T12:00:00Z", dateReserved: "2017-11-30T00:00:00", dateUpdated: "2024-09-16T23:10:36.543Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-5407
Vulnerability from cvelistv5
Published
2018-11-15 21:00
Modified
2024-08-05 05:33
Summary
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
References
Impacted products
Vendor | Product | Version
---|---|---
N/A | Processors supporting Simultaneous Multi-Threading | Version: N/A
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:33:44.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2019:0483", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0483", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20181126-0001/", }, { name: "USN-3840-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3840-1/", }, { name: "DSA-4355", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-17", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { name: "GLSA-201903-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-10", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-16", }, { name: "45785", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/45785/", }, { name: "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/bbbrumley/portsmash", }, { name: "DSA-4348", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { name: 
"105897", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105897", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://eprint.iacr.org/2018/1060.pdf", }, { name: "RHSA-2019:0651", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0651", }, { name: "RHSA-2019:0652", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0652", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:2125", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2125", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS", }, { name: "RHSA-2019:3929", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3933", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { name: "RHSA-2019:3931", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { name: "RHSA-2019:3935", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { name: "RHSA-2019:3932", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: 
[ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Processors supporting Simultaneous Multi-Threading", vendor: "N/A", versions: [ { status: "affected", version: "N/A", }, ], }, ], datePublic: "2018-11-15T00:00:00", descriptions: [ { lang: "en", value: "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T21:06:46", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "RHSA-2019:0483", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0483", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20181126-0001/", }, { name: "USN-3840-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3840-1/", }, { name: "DSA-4355", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-17", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { name: "GLSA-201903-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-10", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-16", }, { name: "45785", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/45785/", }, { name: 
"[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/bbbrumley/portsmash", }, { name: "DSA-4348", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { name: "105897", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105897", }, { tags: [ "x_refsource_MISC", ], url: "https://eprint.iacr.org/2018/1060.pdf", }, { name: "RHSA-2019:0651", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0651", }, { name: "RHSA-2019:0652", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0652", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:2125", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2125", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS", }, { name: "RHSA-2019:3929", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3933", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { name: "RHSA-2019:3931", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { name: "RHSA-2019:3935", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { name: "RHSA-2019:3932", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2018-5407", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Processors supporting Simultaneous Multi-Threading", version: { version_data: [ { version_value: "N/A", }, ], }, }, ], }, vendor_name: "N/A", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2019:0483", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0483", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://security.netapp.com/advisory/ntap-20181126-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20181126-0001/", }, { name: "USN-3840-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3840-1/", }, { name: "DSA-4355", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4355", }, { name: "https://www.tenable.com/security/tns-2018-17", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-17", }, { name: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", refsource: "CONFIRM", url: 
"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { name: "GLSA-201903-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201903-10", }, { name: "https://www.tenable.com/security/tns-2018-16", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-16", }, { name: "45785", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/45785/", }, { name: "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", }, { name: "https://github.com/bbbrumley/portsmash", refsource: "MISC", url: "https://github.com/bbbrumley/portsmash", }, { name: "DSA-4348", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4348", }, { name: "105897", refsource: "BID", url: "http://www.securityfocus.com/bid/105897", }, { name: "https://eprint.iacr.org/2018/1060.pdf", refsource: "MISC", url: "https://eprint.iacr.org/2018/1060.pdf", }, { name: "RHSA-2019:0651", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0651", }, { name: "RHSA-2019:0652", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0652", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:2125", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2125", }, { name: "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", }, { name: "RHSA-2019:3929", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3933", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { name: "RHSA-2019:3931", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { name: "RHSA-2019:3935", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { name: "RHSA-2019:3932", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2018-5407", datePublished: "2018-11-15T21:00:00", dateReserved: "2018-01-12T00:00:00", dateUpdated: "2024-08-05T05:33:44.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-10-30 12:29
Modified
2024-11-21 03:38
Summary
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "D942BAB1-862E-455A-AAB5-6E87FA891B92", versionEndIncluding: "1.0.2p", versionStartIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "5953EAB1-D0E8-48EA-B07D-3B828E6BB326", versionEndIncluding: "1.1.0i", versionStartIncluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F69F3542-173D-4E0D-99BB-42FDD206D996", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "D107EC29-67E7-40C3-8E5A-324C9105C5E4", versionEndIncluding: "6.8.1", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "2DEF4845-F577-4B12-AA48-39F0830B128E", versionEndExcluding: "6.15.0", versionStartIncluding: "6.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: 
"74FB695D-2C76-47AB-988E-5629D2E695E5", versionEndIncluding: "8.8.1", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "7E79DFA7-55F8-453A-83E9-1C790902FCB8", versionEndExcluding: "8.14.0", versionStartIncluding: "8.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "25A3180B-21AF-4010-9DAB-41ADFD2D8031", versionEndIncluding: "10.12.0", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "4E62EA78-C705-4AC9-9C0B-3C9114087C37", versionEndExcluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*", matchCriteriaId: "541EAE2B-5446-46CE-BC91-13188EAD6092", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "CBF1DFDA-FB66-4CEA-A658-B167326D1D96", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "361B791A-D336-4431-8F68-8135BEFFAEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", matchCriteriaId: 
"0DF5449D-22D2-48B4-8F50-57B43DCB15B9", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "913DA418-A144-48CF-85AB-75B64BFD16DD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BBE38DB6-795A-479B-84A5-3DBA4A101F06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E18AA832-DAC1-41D2-8A7C-2C41F06A2281", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "98F3E643-4B65-4668-BB11-C61ED54D5A53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CDCE0E90-495E-4437-8529-3C36441FB69D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", matchCriteriaId: "62B31BEE-88C3-431D-8356-AC28F325E76E", versionEndIncluding: "3.12.3", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", matchCriteriaId: "4340D49A-E1F8-48B7-BA05-0338293B1A14", versionEndIncluding: "4.1.2", versionStartIncluding: "4.0", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "08720A23-3B40-4394-8785-845EFEEFAA87", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7CFFE5D2-FB9A-45F9-9FBC-25A6DA9E189A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*", matchCriteriaId: "092AD60D-99F2-4203-966A-3002E6D9C55B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*", matchCriteriaId: "273EAFA7-81C4-41A6-B44A-95BA18D9DCB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*", matchCriteriaId: "DA25D523-25C4-4EFD-A1BC-0BEEB0EEF8AE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*", matchCriteriaId: "F2DEE1C6-215C-47B5-A92D-E4627AD9D503", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*", matchCriteriaId: "BBE3E82F-DCB6-4E1E-BA08-67C85384BBB5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "92A6A7BA-CCE6-426F-8434-7A578A245180", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: 
"en", value: "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", }, { lang: "es", value: "Se ha demostrado que el algoritmo de firmas DSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. Un atacante podría emplear variaciones en el algoritmo de firma para recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.1a (afecta a 1.1.1). Se ha solucionado en OpenSSL 1.1.0j (afecta a 1.1.0-1.1.0i). Se ha solucionado en OpenSSL 1.0.2q (afecta a 1.0.2-1.0.2p).", }, ], id: "CVE-2018-0734", lastModified: "2024-11-21T03:38:50.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-30T12:29:00.257", references: [ { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105758", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3700", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { source: "openssl-security@openssl.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181105-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3840-1/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20181030.txt", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-16", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181105-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190118-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3840-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20181030.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-17", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2018-5407
Vulnerability from fkie_nvd
Published
2018-11-15 21:29
Modified
2024-11-21 04:08
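Severity
MEDIUM: CVSS 3.1 base score 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N); CVSS 2.0 base score 1.9, LOW (AV:L/AC:M/Au:N/C:P/I:N/A:N). Both scores are the nvd@nist.gov primary assessment in the record below.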
Summary
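Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention', that is, contention between the sibling hardware threads of one physical core for that core's shared execution ports. Exposure therefore requires untrusted local code to run on the same core as the victim, and the victim's code to have secret-dependent timing; for OpenSSL, the record below marks releases from 1.0.2 up to but excluding 1.0.2q, and from 1.1.0 up to but excluding 1.1.0i, as affected.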
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", matchCriteriaId: "4F608F84-5A94-4DC1-A7B8-E19028F96A40", versionEndExcluding: "6.14.4", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", matchCriteriaId: "468A9D35-95E1-473B-A5D3-9BD78818F599", versionEndExcluding: "8.11.4", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", matchCriteriaId: "48A01678-361E-4F23-B7D6-41B0C145F491", versionEndExcluding: "10.9.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "0DF92E05-808F-4D22-BD55-3571BF46889F", versionEndExcluding: "1.0.2q", versionStartIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "B64CB987-8B48-4B65-BC6A-B39F1F69F4B7", 
versionEndExcluding: "1.1.0i", versionStartIncluding: "1.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", matchCriteriaId: "0BB469FA-ECF9-42D8-8CF0-7C8B426FD7B2", versionEndExcluding: "8.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "BD941CDF-8486-43F7-9D98-2B8785B1B139", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EDE18990-1FC9-4624-971B-2E87BF0871AF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "17C29F2D-CBE6-4E22-98AE-787E939ED161", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "98F3E643-4B65-4668-BB11-C61ED54D5A53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CDCE0E90-495E-4437-8529-3C36441FB69D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", matchCriteriaId: "D2049488-5CE2-4C56-8B0E-BA7C499A7372", versionEndIncluding: "3.12.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", matchCriteriaId: "81B25011-AEFA-453D-AF1E-5945AB625767", versionEndIncluding: "4.1.2", 
versionStartIncluding: "3.12.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "7A1E1023-2EB9-4334-9B74-CA71480F71C2", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", matchCriteriaId: "84BF6794-2CE6-407F-B8E0-81871AB7B40B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", matchCriteriaId: "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", matchCriteriaId: "3F021C23-AB9B-4877-833F-D01359A98762", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", matchCriteriaId: "2F8ED016-32A1-42EE-844E-3E6B2C116B74", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", matchCriteriaId: "A046CC2C-445F-4336-8810-930570B4FEC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", matchCriteriaId: "0745445C-EC43-4091-BA7C-5105AFCC6F1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "92A6A7BA-CCE6-426F-8434-7A578A245180", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", matchCriteriaId: "B52550D1-38F6-4AAC-BE68-487F7D6DB2D8", versionEndExcluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", }, { lang: "es", value: "SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataque de sincronización de canal lateral en la \"contención de puertos\".", }, ], id: "CVE-2018-5407", lastModified: "2024-11-21T04:08:45.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, 
baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-15T21:29:00.233", references: [ { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105897", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0483", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0651", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0652", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2125", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { source: "cret@cert.org", tags: [ "Third 
Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { source: "cret@cert.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://eprint.iacr.org/2018/1060.pdf", }, { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bbbrumley/portsmash", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-10", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181126-0001/", }, { source: "cret@cert.org", url: "https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3840-1/", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45785/", }, { source: "cret@cert.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cret@cert.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cret@cert.org", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cret@cert.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "cret@cert.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-16", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0483", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third 
Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://eprint.iacr.org/2018/1060.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bbbrumley/portsmash", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181126-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3840-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4355", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/45785/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], 
url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2018-17", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "cret@cert.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }