CVE-2018-0734 (CNNVD-201810-1435)

MEDIUM
中文标题:
OpenSSL 加密问题漏洞
英文标题:
Timing attack against DSA
CVSS分数: 5.9
发布时间: 2018-10-30 12:00:00
漏洞类型: 加密问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.1.1版本、1.1.0版本至1.1.0i版本和1.0.2版本至1.0.2p版本中的DSA签名算法存在加密问题漏洞。该漏洞源于网络系统或产品未正确使用相关密码算法,导致内容未正确加密、弱加密、明文存储敏感信息等。

英文描述:

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

CWE类型:
CWE-327
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
OpenSSL OpenSSL Fixed in OpenSSL 1.1.1a (Affected 1.1.1) - - cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.1.1a_(affected_1.1.1):*:*:*:*:*:*:*
OpenSSL OpenSSL Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i) - - cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.1.0j_(affected_1.1.0-1.1.0i):*:*:*:*:*:*:*
OpenSSL OpenSSL Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p) - - cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.0.2q_(affected_1.0.2-1.0.2p):*:*:*:*:*:*:*
openssl openssl * - - cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl 1.1.1 - - cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*
canonical ubuntu_linux 14.04 - - cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 16.04 - - cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 18.04 - - cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 18.10 - - cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
debian debian_linux 9.0 - - cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
nodejs node.js * - - cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
nodejs node.js 10.13.0 - - cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*
netapp cn1610_firmware - - - cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
netapp cloud_backup - - - cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
netapp oncommand_unified_manager * - - cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
netapp santricity_smi-s_provider - - - cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
netapp snapcenter - - - cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
netapp steelstore - - - cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
netapp storage_automation_store - - - cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
oracle api_gateway 11.1.2.4.0 - - cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
oracle e-business_suite_technology_stack 0.9.8 - - cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*
oracle e-business_suite_technology_stack 1.0.0 - - cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*
oracle e-business_suite_technology_stack 1.0.1 - - cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 12.1.0.5.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.2.0.0.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.3.0.0.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*
oracle enterprise_manager_ops_center 12.3.3 - - cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
oracle mysql_enterprise_backup * - - cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.55 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.56 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle primavera_p6_professional_project_management * - - cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*
oracle primavera_p6_professional_project_management 8.4 - - cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*
oracle primavera_p6_professional_project_management 15.1 - - cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*
oracle primavera_p6_professional_project_management 15.2 - - cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*
oracle primavera_p6_professional_project_management 16.1 - - cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*
oracle primavera_p6_professional_project_management 16.2 - - cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*
oracle primavera_p6_professional_project_management 18.8 - - cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*
oracle tuxedo 12.1.1.0.0 - - cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 x_refsource_CONFIRM
cve.org
访问
USN-3840-1 vendor-advisory
cve.org
访问
DSA-4355 vendor-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
105758 vdb-entry
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
DSA-4348 vendor-advisory
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
openSUSE-SU-2019:1547 vendor-advisory
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
openSUSE-SU-2019:1814 vendor-advisory
cve.org
访问
RHSA-2019:2304 vendor-advisory
cve.org
访问
FEDORA-2019-db06efdea1 vendor-advisory
cve.org
访问
FEDORA-2019-00c25b9379 vendor-advisory
cve.org
访问
FEDORA-2019-9a0a7c0986 vendor-advisory
cve.org
访问
RHSA-2019:3700 vendor-advisory
cve.org
访问
RHSA-2019:3933 vendor-advisory
cve.org
访问
RHSA-2019:3935 vendor-advisory
cve.org
访问
RHSA-2019:3932 vendor-advisory
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
CVSS评分详情
5.9
MEDIUM
CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS版本: 3.1
机密性
HIGH
完整性
NONE
可用性
NONE
时间信息
发布时间:
2018-10-30 12:00:00
修改时间:
2024-09-16 23:10:36
创建时间:
2025-11-11 15:34:57
更新时间:
2025-11-11 15:53:58
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2018-0734 2025-11-11 15:19:35 2025-11-11 07:34:57
NVD nvd_CVE-2018-0734 2025-11-11 14:56:00 2025-11-11 07:43:34
CNNVD cnnvd_CNNVD-201810-1435 2025-11-11 15:10:06 2025-11-11 07:53:58
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:53:58
vulnerability_type: 未提取 → 加密问题; cnnvd_id: 未提取 → CNNVD-201810-1435; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 加密问题
  • cnnvd_id: 未提取 -> CNNVD-201810-1435
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:43:34
cvss_score: 未提取 → 5.9; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 3 → 39; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • cvss_score: 未提取 -> 5.9
  • cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • cvss_version: NOT_EXTRACTED -> 3.1
  • affected_products_count: 3 -> 39
  • data_sources: ['cve'] -> ['cve', 'nvd']