csaf_suse - suse-su-2018:4068-1

suse-su-2018:4068-1

Vulnerability from csaf_suse

Published

2018-12-11 08:21

Modified

2018-12-11 08:21

Summary

Security update for compat-openssl098

Notes

Title of the patch

Security update for compat-openssl098

Description of the patch

This update for compat-openssl098 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the 'One and Done' side-channel attack on RSA (bsc#1104789).

Patchnames

SUSE-SLE-DESKTOP-12-SP3-2018-2893,SUSE-SLE-DESKTOP-12-SP4-2018-2893,SUSE-SLE-Module-Legacy-12-2018-2893,SUSE-SLE-SAP-12-SP1-2018-2893,SUSE-SLE-SAP-12-SP2-2018-2893,SUSE-SLE-SAP-12-SP3-2018-2893,SUSE-SLE-SAP-12-SP4-2018-2893

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for compat-openssl098",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for compat-openssl098 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534).\n- CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018).\n- Fixed the \u0027One and Done\u0027 side-channel attack on RSA (bsc#1104789).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP3-2018-2893,SUSE-SLE-DESKTOP-12-SP4-2018-2893,SUSE-SLE-Module-Legacy-12-2018-2893,SUSE-SLE-SAP-12-SP1-2018-2893,SUSE-SLE-SAP-12-SP2-2018-2893,SUSE-SLE-SAP-12-SP3-2018-2893,SUSE-SLE-SAP-12-SP4-2018-2893",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4068-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:4068-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184068-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:4068-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004950.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1104789",
        "url": "https://bugzilla.suse.com/1104789"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1110018",
        "url": "https://bugzilla.suse.com/1110018"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113534",
        "url": "https://bugzilla.suse.com/1113534"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113652",
        "url": "https://bugzilla.suse.com/1113652"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8610 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8610/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-0734 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-0734/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5407 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5407/"
      }
    ],
    "title": "Security update for compat-openssl098",
    "tracking": {
      "current_release_date": "2018-12-11T08:21:22Z",
      "generator": {
        "date": "2018-12-11T08:21:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:4068-1",
      "initial_release_date": "2018-12-11T08:21:22Z",
      "revision_history": [
        {
          "date": "2018-12-11T08:21:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-0.9.8j-106.9.1.s390x",
                "product": {
                  "name": "libopenssl0_9_8-0.9.8j-106.9.1.s390x",
                  "product_id": "libopenssl0_9_8-0.9.8j-106.9.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
                "product": {
                  "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
                  "product_id": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
                "product": {
                  "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
                  "product_id": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
                "product": {
                  "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
                  "product_id": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP4",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Legacy 12",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Legacy 12",
                  "product_id": "SUSE Linux Enterprise Module for Legacy 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-legacy:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 12",
          "product_id": "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        },
        "product_reference": "libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-8610",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8610"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8610",
          "url": "https://www.suse.com/security/cve/CVE-2016-8610"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005878 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1005878"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005879 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1005879"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1110018 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1110018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120592 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1120592"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126909 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1126909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/1148697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 982575 for CVE-2016-8610",
          "url": "https://bugzilla.suse.com/982575"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-12-11T08:21:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-8610"
    },
    {
      "cve": "CVE-2018-0734",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-0734"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-0734",
          "url": "https://www.suse.com/security/cve/CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113534 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1113534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113652 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1113652"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113742 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1113742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122198 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1122198"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122212 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1122212"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126909 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1126909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1148697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-12-11T08:21:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-0734"
    },
    {
      "cve": "CVE-2018-5407",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5407"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
          "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5407",
          "url": "https://www.suse.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113534 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1113534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116195 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1116195"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126909 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1126909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1148697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP3:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP4:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.s390x",
            "SUSE Linux Enterprise Module for Legacy 12:libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP2:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libopenssl0_9_8-0.9.8j-106.9.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl0_9_8-0.9.8j-106.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-12-11T08:21:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-5407"
    }
  ]
}

CVE-2016-8610 (GCVE-0-2016-8610)

Vulnerability from cvelistv5

Published

2017-11-13 22:00

Modified

2024-08-06 02:27

Severity ?

CWE

CWE-400

Summary

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

References

URL

Tags

	http://www.securityfocus.com/bid/93841	vdb-entry, x_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2017-1659.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1658	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1801	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0286.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1413	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2494	vendor-advisory, x_refsource_REDHAT
	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc	vendor-advisory, x_refsource_FREEBSD
	https://access.redhat.com/errata/RHSA-2017:1414	vendor-advisory, x_refsource_REDHAT
	http://seclists.org/oss-sec/2016/q4/224	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2017-0574.html	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2017/dsa-3773	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2017-1415.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1037084	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:1802	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2493	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20171130-0001/	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610	x_refsource_CONFIRM
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401	x_refsource_CONFIRM
	https://security.360.cn/cve/CVE-2016-8610/	x_refsource_MISC
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us	x_refsource_CONFIRM
	https://security.paloaltonetworks.com/CVE-2016-8610	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: All 0.9.8 Version: All 1.0.1 Version: 1.0.2 through 1.0.2h Version: 1.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:40.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93841",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93841"
          },
          {
            "name": "RHSA-2017:1659",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
          },
          {
            "name": "RHSA-2017:1658",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1658"
          },
          {
            "name": "RHSA-2017:1801",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1801"
          },
          {
            "name": "RHSA-2017:0286",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
          },
          {
            "name": "RHSA-2017:1413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1413"
          },
          {
            "name": "RHSA-2017:2494",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2494"
          },
          {
            "name": "FreeBSD-SA-16:35",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
          },
          {
            "name": "RHSA-2017:1414",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1414"
          },
          {
            "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2016/q4/224"
          },
          {
            "name": "RHSA-2017:0574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
          },
          {
            "name": "DSA-3773",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3773"
          },
          {
            "name": "RHSA-2017:1415",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
          },
          {
            "name": "1037084",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037084"
          },
          {
            "name": "RHSA-2017:1802",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1802"
          },
          {
            "name": "RHSA-2017:2493",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2493"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.360.cn/cve/CVE-2016-8610/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2016-8610"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "All 0.9.8"
            },
            {
              "status": "affected",
              "version": "All 1.0.1"
            },
            {
              "status": "affected",
              "version": "1.0.2 through 1.0.2h"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2016-10-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:51",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "93841",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93841"
        },
        {
          "name": "RHSA-2017:1659",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
        },
        {
          "name": "RHSA-2017:1658",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1658"
        },
        {
          "name": "RHSA-2017:1801",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1801"
        },
        {
          "name": "RHSA-2017:0286",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
        },
        {
          "name": "RHSA-2017:1413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1413"
        },
        {
          "name": "RHSA-2017:2494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2494"
        },
        {
          "name": "FreeBSD-SA-16:35",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
        },
        {
          "name": "RHSA-2017:1414",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1414"
        },
        {
          "name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2016/q4/224"
        },
        {
          "name": "RHSA-2017:0574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
        },
        {
          "name": "DSA-3773",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3773"
        },
        {
          "name": "RHSA-2017:1415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
        },
        {
          "name": "1037084",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037084"
        },
        {
          "name": "RHSA-2017:1802",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1802"
        },
        {
          "name": "RHSA-2017:2493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2493"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.360.cn/cve/CVE-2016-8610/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03897en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2016-8610"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8610",
    "datePublished": "2017-11-13T22:00:00Z",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:40.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0734 (GCVE-0-2018-0734)

Vulnerability from cvelistv5

Published

2018-10-30 12:00

Modified

2024-09-16 23:10

Severity ?

CWE

Constant time issue

Summary

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

References

URL

Tags

	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://usn.ubuntu.com/3840-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4355	vendor-advisory, x_refsource_DEBIAN
	https://security.netapp.com/advisory/ntap-20181105-0002/	x_refsource_CONFIRM
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2018-17	x_refsource_CONFIRM
	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2018-16	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105758	vdb-entry, x_refsource_BID
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4348	vendor-advisory, x_refsource_DEBIAN
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac	x_refsource_CONFIRM
	https://www.openssl.org/news/secadv/20181030.txt	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20190118-0002/	x_refsource_CONFIRM
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20190423-0002/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html	vendor-advisory, x_refsource_SUSE
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:2304	vendor-advisory, x_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2019:3700	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3933	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3935	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3932	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: Fixed in OpenSSL 1.1.1a (Affected 1.1.1) Version: Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i) Version: Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "105758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105758"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20181030.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
          },
          {
            "name": "openSUSE-SU-2019:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "openSUSE-SU-2019:1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
          },
          {
            "name": "RHSA-2019:2304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2304"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3700"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Samuel Weiser"
        }
      ],
      "datePublic": "2018-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Constant time issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:42",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "105758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105758"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20181030.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
        },
        {
          "name": "openSUSE-SU-2019:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "openSUSE-SU-2019:1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
        },
        {
          "name": "RHSA-2019:2304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2304"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "title": "Timing attack against DSA",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-10-30",
          "ID": "CVE-2018-0734",
          "STATE": "PUBLIC",
          "TITLE": "Timing attack against DSA"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Samuel Weiser"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Constant time issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "105758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105758"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20181030.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20181030.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
            },
            {
              "name": "openSUSE-SU-2019:1547",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "openSUSE-SU-2019:1814",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
            },
            {
              "name": "RHSA-2019:2304",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2304"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3700"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0734",
    "datePublished": "2018-10-30T12:00:00Z",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:10:36.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5407 (GCVE-0-2018-5407)

Vulnerability from cvelistv5

Published

2018-11-15 21:00

Modified

2024-08-05 05:33

Severity ?

CWE

CWE-200

Summary

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2019:0483	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20181126-0001/	x_refsource_CONFIRM
	https://usn.ubuntu.com/3840-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4355	vendor-advisory, x_refsource_DEBIAN
	https://www.tenable.com/security/tns-2018-17	x_refsource_CONFIRM
	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201903-10	vendor-advisory, x_refsource_GENTOO
	https://www.tenable.com/security/tns-2018-16	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/45785/	exploit, x_refsource_EXPLOIT-DB
	https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html	mailing-list, x_refsource_MLIST
	https://github.com/bbbrumley/portsmash	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4348	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/105897	vdb-entry, x_refsource_BID
	https://eprint.iacr.org/2018/1060.pdf	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:0651	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0652	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:2125	vendor-advisory, x_refsource_REDHAT
	https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3929	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3933	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3931	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3935	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3932	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	N/A	Processors supporting Simultaneous Multi-Threading	Version: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "45785",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45785/"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bbbrumley/portsmash"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "105897",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eprint.iacr.org/2018/1060.pdf"
          },
          {
            "name": "RHSA-2019:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0651"
          },
          {
            "name": "RHSA-2019:0652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0652"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:2125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Processors supporting Simultaneous Multi-Threading",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2018-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:46",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2019:0483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "45785",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45785/"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "name": "105897",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eprint.iacr.org/2018/1060.pdf"
        },
        {
          "name": "RHSA-2019:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0651"
        },
        {
          "name": "RHSA-2019:0652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0652"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:2125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Processors supporting Simultaneous Multi-Threading",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "N/A"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0483"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "45785",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45785/"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "https://github.com/bbbrumley/portsmash",
              "refsource": "MISC",
              "url": "https://github.com/bbbrumley/portsmash"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "105897",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105897"
            },
            {
              "name": "https://eprint.iacr.org/2018/1060.pdf",
              "refsource": "MISC",
              "url": "https://eprint.iacr.org/2018/1060.pdf"
            },
            {
              "name": "RHSA-2019:0651",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0651"
            },
            {
              "name": "RHSA-2019:0652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0652"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:2125",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2125"
            },
            {
              "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5407",
    "datePublished": "2018-11-15T21:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2018:4068-1

Vulnerability from csaf_suse

CVE-2016-8610 (GCVE-0-2016-8610)

Vulnerability from cvelistv5

CVE-2018-0734 (GCVE-0-2018-0734)

Vulnerability from cvelistv5

CVE-2018-5407 (GCVE-0-2018-5407)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature