CVE-2018-0734

Public on 2018-10-30

Modified on 2019-11-14

Description

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Severity

Low

CVSS v3 Base Score

5.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	openssl	2019-03-21	ALAS-2019-1153	Fixed
Amazon Linux 2 - Core	openssl	2019-01-23	ALAS2-2019-1153	Fixed
Amazon Linux 2 - Core	openssl	2019-11-11	ALAS2-2019-1362	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.1	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:P/I:N/A:N
NVD	CVSSv3	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Red Hat: CVE-2018-0734 Mitre: CVE-2018-0734