CVE-2018-0737

Cache timing vulnerability in RSA Key Generation

Severity Score

5.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Se ha demostrado que el algoritmo de generación de claves RSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral de caché. Un atacante con acceso suficiente para montar ataques de sincronización de caché durante el proceso de generación de claves RSA podría recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0i-dev (afecta a 1.1.0-1.1.0h). Se ha solucionado en OpenSSL 1.0.2p-dev (afecta a 1.0.2b-1.0.2o).

OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.

Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. Various other issues were also addressed.

*Credits: Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-30 CVE Reserved
2018-04-16 CVE Published
2024-09-17 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-385: Covert Timing Channel

CAPEC

References (36)

URL	Tag	Source
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	X_refsource_confirm
http://www.securityfocus.com/bid/103766	Third Party Advisory
http://www.securitytracker.com/id/1040685	Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f	X_refsource_confirm
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787	X_refsource_confirm
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html	Mailing List
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases	X_refsource_confirm
https://security.netapp.com/advisory/ntap-20180726-0003	X_refsource_confirm
https://securityadvisories.paloaltonetworks.com/Home/Detail/133	X_refsource_confirm
https://www.oracle.com//security-alerts/cpujul2021.html	X_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html	X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	X_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	X_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	X_refsource_misc
https://www.tenable.com/security/tns-2018-12	X_refsource_confirm
https://www.tenable.com/security/tns-2018-13	X_refsource_confirm
https://www.tenable.com/security/tns-2018-14	X_refsource_confirm
https://www.tenable.com/security/tns-2018-17	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:3221	2023-11-07
https://access.redhat.com/errata/RHSA-2018:3505	2023-11-07
https://access.redhat.com/errata/RHSA-2019:3932	2023-11-07
https://access.redhat.com/errata/RHSA-2019:3933	2023-11-07
https://access.redhat.com/errata/RHSA-2019:3935	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V	2023-11-07
https://security.gentoo.org/glsa/201811-21	2023-11-07
https://usn.ubuntu.com/3628-1	2023-11-07
https://usn.ubuntu.com/3628-2	2023-11-07
https://usn.ubuntu.com/3692-1	2023-11-07
https://usn.ubuntu.com/3692-2	2023-11-07
https://www.debian.org/security/2018/dsa-4348	2023-11-07
https://www.debian.org/security/2018/dsa-4355	2023-11-07
https://www.openssl.org/news/secadv/20180416.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2018-0737	2019-11-20
https://bugzilla.redhat.com/show_bug.cgi?id=1568253	2019-11-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.2b <= 1.0.2o Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2b <= 1.0.2o"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.1.0 <= 1.1.0h Search vendor "Openssl" for product "Openssl" and version " >= 1.1.0 <= 1.1.0h"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10"		-		Affected