« List of all CVEs

CVE-2018-0737

Cache timing vulnerability in RSA Key Generation

Published: 4/16/2018 Last updated: 9/17/2024 Reserved: 11/30/2017

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

CNA assigner: openssl (3a12439a-ef3a-4c79-92e6-6081a721f1e5) Requested by: n/a

Opam packages affected (6)

conf-libcurl conf-libssl conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-openssl conf-srt-openssl

Products affected (1)

Product	Vendor	Version
OpenSSL	OpenSSL	12.3(4)XK

References (68)

Credits (1)

Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia