CVSSv3: 5.9

CVE-2018-0737

Published: 16/04/2018 Updated: 20/07/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 385
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Vulnerable Products

openssl openssl

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

Vendor Advisories

Debian Bug report logs - #895844 openssl: CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Source Package: src:openssl; Maintainer for src:openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 16 Apr 2018 18:54:01 UTC ...
OpenSSL could allow access to sensitive information ...
Synopsis Moderate: openssl security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Sy ...
Several security issues were fixed in OpenSSL ...
RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys: OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key (CVE-2018-0 ...
OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as ...
A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key ...
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. For the stable distribution (stretch), these problems have been fixed in version 1.0.2q-1~deb9u1. Going forward, openssl1.0 security updates for stretch will be based on the 1.0.2x upstream relea ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7 Type/Severity Security Advisory: Important Topic An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6 Type/Severity Security Advisory: Important Topic Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for R ...
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737) An attacker could exploit this vulnerability to recover the private key (Vulnerability ID: HWPSIRT-2018-06015) Huawei has released software updates to fix this vulnerability This advisory is available at the followi ...
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases ...
The Windows and z/OS Security Identity Adapters are now upgraded to a more current release to correct CVE (CVE-2018-0737) “OpenSSL RSA Key generation algorithm information disclosure” ...
IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities (CVE-2018-0737) ...
IBM Tivoli Provisioning Manager for OS Deployment has addressed the following vulnerability: Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) ...
Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client A local attacker can perform cache timing attacks against an application generat ...
IBM Integrated Management Module II (IMM2) has addressed the following vulnerability in OpenSSL ...
Log Correlation Engine leverages third-party software to help provide underlying functionality One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potent ...
IBM Advanced Management Module (AMM) has addressed the following vulnerability in OpenSSL ...
bn_sqrx8x_internal carry bug on x86_64. There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks agai ...
Synopsis Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image Type/Severity Security Advisory: Critical Topic Security Advisory Description Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes: Fixed event callback error when in-line vaulted variabl ...
Nessus leverages third-party software to help provide underlying functionality One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of th ...
GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL ...
There are vulnerabilities in the OpenSSL and LibcURL libraries used by BigFix. These are addressed in the BigFix Platform 9.5.11 and 9.2.16 releases ...
Multiple vulnerabilities were identified in Node.js that affected IBM Cloud App Management V2018. The product was updated to use a later version of Node.js to address these security vulnerabilities ...
The OpenSSL library has been found to contain vulnerabilities CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739 Palo Alto Networks software makes use of the vulnerable library and is affected (Ref # PAN-98504/ CVE-2018-0732, CVE-2018-0737, and CVE-2018-0739) ...
Vulnerabilities in OpenSSL, glibc, curl, and VMware that are used in IBM PureApplication System. IBM PureApplication System has addressed these vulnerabilities ...
SecurityCenter leverages third-party software to help provide underlying functionality Two separate third-party components (PHP and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address ...
IBM Cloud Private fluentd component is vulnerable to multiple security vulnerabilities ...
AT&T has released versions 1801-w and 1801-y for the Vyatta 5600. Details of these releases can be found at cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...
Oracle Linux Bulletin - October 2018 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...
Oracle Critical Patch Update Advisory - January 2019 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Critical Patch Update Advisory - October 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
IBM Security Privileged Identity Manager has addressed the following security vulnerabilities ...
Oracle Solaris Third Party Bulletin - July 2018 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...
AT&T has released version 1801-v for the Vyatta 5600. Details of this release can be found at cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2018-226-01) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2p-i586-1_slack14.2.txz: Upgraded. This upda ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4355-1 security () debian org www.debian.org/security/ Moritz Muehlenhoff December 19, 2018 www.debian.org/security/faq ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4348-1 security () debian org www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 www.debian.org/security/faq ...

Github Repositories

sslpatch for openssl & nginx

Useful SSL (OpenSSL & BoringSSL) & Nginx Patch Bundle. For Chinese speakers you may refer to this 中文教程. For OpenSSL: OpenSSL 1.1.0h wget www.openssl.org/source/openssl-1.1.0h.tar.gz && tar zxf openssl-1.1.0h.tar.gz && cd openssl-1.1.0h # "double" ecdhx25519 performance on 64-bit platforms Upstream openssl

TLS - what can go wrong?

TLS - what can go wrong? Key generation Debian weak keys ROCA Shared prime factors (mining ps and qs) Shared non-private keys (eg using default keys shipped with applications) RSA encryption handshake Bleichenbacher, Klima, ROBOT etc attacks SSLv2 Bleichenbacher attack (DROWN) RSA signature handshake RSA-CRT bug / modexp miscalculation (signature generation) Bleichenbac

Quick and easy CVE scanning for Linux systems

vyger Quick and easy CVE scanning for Linux systems. vyger is a standalone utility that can be downloaded and run on a Linux system to scan for any unapplied CVEs on the system it is run on. It is released under the LGPLv3 license that allows for free usage and inclusion in proprietary systems, but any changes to vyger code must be made available. Supported system families: Ubun

core-kit 12-prime branch Core-kit contains the core ebuilds for Funtoo Linux It is designed to be a part of the Funtoo Linux kits system The 12-prime branch of core-kit is currently marked as development branch Please use 10-prime for production systems, not this branch The -prime suffix indicates that the eventual goal is for this kit branch to reach production-quality

References

CWE-327
https://www.openssl.org/news/secadv/20180416.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
http://www.securitytracker.com/id/1040685
http://www.securityfocus.com/bid/103766
https://usn.ubuntu.com/3628-2/
https://usn.ubuntu.com/3628-1/
https://usn.ubuntu.com/3692-2/
https://usn.ubuntu.com/3692-1/
https://security.netapp.com/advisory/ntap-20180726-0003/
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://www.tenable.com/security/tns-2018-12
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.tenable.com/security/tns-2018-14
https://www.tenable.com/security/tns-2018-13
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://security.gentoo.org/glsa/201811-21
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.tenable.com/security/tns-2018-17
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
https://access.redhat.com/errata/RHSA-2019:3935
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3932
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://github.com/JeffroMF/sslpatch
https://github.com/S8Cloud/sslpatch
https://tools.cisco.com/security/center/viewAlert.x?alertId=57508
https://nvd.nist.gov