CVE-2018-0737

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-0737

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-0737.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-0737

Downstream

ALPINE-CVE-2018-0737

DEBIAN-CVE-2018-0737

DLA-1449-1

DSA-4348-1

DSA-4355-1

RHSA-2018:3221

RHSA-2019:3932

RHSA-2019:3933

SUSE-FU-2022:0445-1

SUSE-SU-2018:2486-1

SUSE-SU-2018:2492-1

SUSE-SU-2018:2545-1

SUSE-SU-2018:2683-1

SUSE-SU-2018:2928-1

SUSE-SU-2018:2928-2

SUSE-SU-2018:2965-1

SUSE-SU-2018:3864-1

SUSE-SU-2018:3864-2

SUSE-SU-2019:0197-1

SUSE-SU-2019:1553-1

UBUNTU-CVE-2018-0737

USN-3628-1

USN-3692-1

openSUSE-SU-2019:0152-1

openSUSE-SU-2024:11126-1

openSUSE-SU-2024:11127-1

Related

Published

2018-04-16T18:29:00Z

Modified

2025-08-09T20:01:25Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

References

Affected packages