CVE-2018-5407
- Source
- https://cve.org/CVERecord?id=CVE-2018-5407
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5407.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-5407
- Downstream
- Related
- Published
- 2018-11-15T21:29:00.233Z
- Modified
- 2026-06-12T08:08:57.206700Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "3.12.3" }, { "introduced": "3.12.4" }, { "last_affected": "4.1.2" } ], "cpes": [ "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:mysql_enterprise_backup", "source": "CPE_RANGE" }, { "extracted_events": [ { "introduced": "17.7" }, { "last_affected": "17.12" } ], "cpes": [ "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:primavera_p6_enterprise_project_portfolio_management", "source": "CPE_RANGE" }, { "extracted_events": [ { "fixed": "6.0.0" } ], "cpes": [ "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:vm_virtualbox", "source": "CPE_RANGE" }, { "extracted_events": [ { "fixed": "8.1.1" } ], "cpes": [ "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*" ], "vendor_product": "tenable:nessus", "source": "CPE_RANGE" }, { "extracted_events": [ { "last_affected": "14.04" }, { "last_affected": "16.04" }, { "last_affected": "18.04" }, { "last_affected": "18.10" } ], "cpes": [ "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" ], "vendor_product": "canonical:ubuntu_linux", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "8.0" }, { "last_affected": "9.0" } ], "cpes": [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "vendor_product": "debian:debian_linux", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "11.1.2.4.0" } ], "cpes": [ "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:api_gateway", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "0.9.8" }, { "last_affected": "1.0.1" } ], "cpes": [ "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:application_server", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "12.1.0.5.0" }, { "last_affected": "13.2.0.0.0" }, { "last_affected": "13.3.0.0.0" } ], "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:enterprise_manager_base_platform", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "12.3.3" } ], "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" ], "vendor_product": "oracle:enterprise_manager_ops_center", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "8.55" }, { "last_affected": "8.56" }, { "last_affected": "8.57" } ], "cpes": [ "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*" ], "vendor_product": "oracle:peoplesoft_enterprise_peopletools", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "8.4" }, { "last_affected": "15.1" }, { "last_affected": "15.2" }, { "last_affected": "16.1" }, { "last_affected": "16.2" }, { "last_affected": "18.8" } ], "cpes": [ "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*" ], "vendor_product": "oracle:primavera_p6_enterprise_project_portfolio_management", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "12.1.1.0.0" } ], "cpes": [ "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:tuxedo", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "7.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_desktop", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "7.0" }, { "last_affected": "7.6" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_server", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "7.6" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_server_aus", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "7.6" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_server_eus", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "7.6" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_server_tus", "source": "CPE_STRING" }, { "extracted_events": [ { "last_affected": "7.0" } ], "cpes": [ "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" ], "vendor_product": "redhat:enterprise_linux_workstation", "source": "CPE_STRING" } ] }- References
-
- https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS
- http://www.securityfocus.com/bid/105897
- https://access.redhat.com/errata/RHSA-2019:0483
- https://access.redhat.com/errata/RHSA-2019:0651
- https://access.redhat.com/errata/RHSA-2019:0652
- https://access.redhat.com/errata/RHSA-2019:2125
- https://access.redhat.com/errata/RHSA-2019:3929
- https://access.redhat.com/errata/RHSA-2019:3931
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3935
- https://eprint.iacr.org/2018/1060.pdf
- https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://security.gentoo.org/glsa/201903-10
- https://security.netapp.com/advisory/ntap-20181126-0001/
- https://usn.ubuntu.com/3840-1/
- https://www.debian.org/security/2018/dsa-4348
- https://www.debian.org/security/2018/dsa-4355
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-17
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://github.com/bbbrumley/portsmash
- https://www.exploit-db.com/exploits/45785/
Affected packages
Git
github.com/bbbrumley/portsmash
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bbbrumley/portsmash
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.0.0" } ], "cpe": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "source": "CPE_STRING" }
github.com/nodejs/node
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "6.14.4" }, { "introduced": "8.0.0" }, { "fixed": "8.11.4" }, { "introduced": "10.0.0" }, { "fixed": "10.9.0" } ], "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "source": "CPE_RANGE" }
Affected versions
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.2.0
v10.2.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.11.0
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.12.0
v6.12.1
v6.12.2
v6.12.3
v6.13.0
v6.13.1
v6.14.0
v6.14.1
v6.14.2
v6.14.3
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v8.*
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.11.3
v8.2.0
v8.2.1
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
v8.8.0
v8.8.1
v8.9.0
v8.9.1
v8.9.2
v8.9.3
v8.9.4
github.com/openssl/openssl
Database specific
vanir_signatures
[
{
"digest": {
"line_hashes": [
"227788886913935889032703558012047812302",
"50491541398146363716796660912620610979",
"269421547081420290782835078680106598455",
"1907100557939212133144652077112450142",
"5242489482972689247408035301976916379",
"293500484184004759882319173711457008915",
"22352102879530286438426240576046215259",
"227623751601783881855048171227667533607"
],
"threshold": 0.9
},
"id": "CVE-2018-5407-a8883bd8",
"signature_version": "v1",
"target": {
"file": "include/openssl/opensslv.h"
},
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/openssl/openssl/commit/7ea5bd2b52d0e81eaef3d109b3b12545306f201c"
},
{
"digest": {
"line_hashes": [
"251633914150035957322733061977107206211",
"338514574181828579838011565939158652696",
"76638288692106140328510055542557597351",
"142922657400765574308962710386922248045",
"71649992455794854055653842592139575350",
"65527166711110472566013424527579064967",
"253196866009476977787139000804413898733",
"172177136897997206866313011107384691461"
],
"threshold": 0.9
},
"id": "CVE-2018-5407-e051451f",
"signature_version": "v1",
"target": {
"file": "crypto/opensslv.h"
},
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5407.json"
vanir_signatures_modified
"2026-06-12T08:08:57Z"