CVE-2018-0734

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-0734

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0734.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-0734

Downstream

ALPINE-CVE-2018-0734

DEBIAN-CVE-2018-0734

DSA-4348-1

DSA-4355-1

RHSA-2019:2304

RHSA-2019:3700

RHSA-2019:3932

RHSA-2019:3933

SUSE-FU-2022:0445-1

SUSE-SU-2018:3863-1

SUSE-SU-2018:3864-1

SUSE-SU-2018:3864-2

SUSE-SU-2018:3866-1

SUSE-SU-2018:3945-1

SUSE-SU-2018:3964-1

SUSE-SU-2018:3989-1

SUSE-SU-2018:4001-1

SUSE-SU-2018:4068-1

SUSE-SU-2018:4274-1

SUSE-SU-2019:0117-1

SUSE-SU-2019:0395-1

SUSE-SU-2019:1553-1

UBUNTU-CVE-2018-0734

USN-3840-1

openSUSE-SU-2019:1547-1

openSUSE-SU-2019:1814-1

openSUSE-SU-2024:11126-1

openSUSE-SU-2024:11127-1

Related

Published

2018-10-30T12:29:00Z

Modified

2025-09-30T07:00:41.795551Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

6b1c40be84fbe5ea404f25e4e340a0c1fe67a60a

Fixed

b6589e3d9be963b29a8559bf7b272b54284fe1bc

Affected versions

v6.*

v6.10.0

v6.10.1

v6.10.2

v6.10.3

v6.11.0

v6.11.1

v6.11.2

v6.11.3

v6.11.4

v6.11.5

v6.12.0

v6.12.1

v6.12.2

v6.12.3

v6.13.0

v6.13.1

v6.14.0

v6.14.1

v6.14.2

v6.14.3

v6.14.4

v6.9.0

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5