CVE-2018-5407
- Source
- https://cve.org/CVERecord?id=CVE-2018-5407
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5407.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-5407
- Downstream
- Related
- Published
- 2018-11-15T21:29:00.233Z
- Modified
- 2026-05-12T04:02:32.253851Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "extracted_events": [ { "fixed": "6.14.4" }, { "introduced": "8.0.0" }, { "fixed": "8.11.4" }, { "introduced": "10.0.0" }, { "fixed": "10.9.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "1.0.2" }, { "fixed": "1.0.2q" }, { "introduced": "1.1.0" }, { "fixed": "1.1.0i" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "11.1.2.4.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "0.9.8" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "1.0.1" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "12.1.0.5.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "13.2.0.0.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "13.3.0.0.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "12.3.3" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "3.12.3" }, { "introduced": "3.12.4" }, { "last_affected": "4.1.2" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.55" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.56" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.57" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "17.7" }, { "last_affected": "17.12" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "15.1" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "15.2" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "16.1" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "16.2" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "18.8" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.4" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "12.1.1.0.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "extracted_events": [ { "fixed": "6.0.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "extracted_events": [ { "fixed": "8.1.1" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "14.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "16.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "18.04" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "18.10" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "9.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.6" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.6" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.6" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.6" } ] }, { "source": "CPE_FIELD", "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ] } ] }- References
-
- https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS
- http://www.securityfocus.com/bid/105897
- https://access.redhat.com/errata/RHSA-2019:0483
- https://access.redhat.com/errata/RHSA-2019:0651
- https://access.redhat.com/errata/RHSA-2019:0652
- https://access.redhat.com/errata/RHSA-2019:2125
- https://access.redhat.com/errata/RHSA-2019:3929
- https://access.redhat.com/errata/RHSA-2019:3931
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3935
- https://eprint.iacr.org/2018/1060.pdf
- https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://security.gentoo.org/glsa/201903-10
- https://security.netapp.com/advisory/ntap-20181126-0001/
- https://usn.ubuntu.com/3840-1/
- https://www.debian.org/security/2018/dsa-4348
- https://www.debian.org/security/2018/dsa-4355
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-17
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://github.com/bbbrumley/portsmash
- https://www.exploit-db.com/exploits/45785/
Affected packages
Git / github.com/bbbrumley/portsmash
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bbbrumley/portsmash
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "cpe": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.0.0" } ] }