CVE-2018-0737

Updated: 2023-11-07 20:20:16.357046

Description:

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4.3
CVSS Version 3.x MEDIUM 5.9

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS openssl 1.0.1e 5.9 MEDIUM Released CLSA-2021:1632262317 2022-05-05 12:01:45
CloudLinux 6 ELS openssl 1.0.1e 5.9 MEDIUM Released 2021-11-02 14:03:17
Oracle Linux 6 ELS openssl 1.0.1e 5.9 MEDIUM Not Vulnerable CLSA-2021:1634922881 2021-11-02 14:03:17
Ubuntu 16.04 ELS openssl 1.0.2g-1 5.9 MEDIUM Not Vulnerable 2021-11-02 14:03:17