{"id":"CVE-2018-0735","details":"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).","modified":"2026-04-10T04:03:09.468124Z","published":"2018-10-29T13:29:00.263Z","related":["CGA-6f69-g2gq-mhhw","SUSE-SU-2018:3863-1","SUSE-SU-2018:3945-1","openSUSE-SU-2024:11127-1"],"references":[{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041986"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20181029.txt"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105750"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"},{"type":"ADVISORY","url":"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3840-1/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3700"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20181105-0002/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4348"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"introduced":"0"},{"last_affected":"527c12ed611f3fe072c3043734319edb2c733099"},{"introduced":"0"},{"last_affected":"4789962c2f451b9bc7e9a1c29598bdea144edc47"},{"introduced":"0"},{"last_affected":"d2029238d6d9f648077664e4cdd611e231a6dc14"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"e4924f36486f971f8a04252e01c803457a2c72f7"},{"introduced":"0"},{"last_affected":"dc86e412f18b36ce271f791026714e8caa0ec919"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"5.6.42"},{"introduced":"5.7.0"},{"last_affected":"5.7.24"},{"introduced":"8.0.0"},{"last_affected":"8.0.13"},{"introduced":"0"},{"last_affected":"8.4"}]}},{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"0"},{"last_affected":"bdf069ba0f6ee63056628af20d95cd82ca5ea736"},{"introduced":"cf41627411886000429bde058a6594fb7f6d6d47"},{"fixed":"4a276cc2a960b3f9a138ac3a99c9249a63b4d472"},{"introduced":"cea049bcf8bb0f9a6e0095dbd5dffdb14dc8f71b"},{"fixed":"00fb73a72eff0e90d0f85b95dbcfc3c21f89cff9"},{"introduced":"0"},{"last_affected":"ab4af087e83d91a46354d765306d3543b1d85423"},{"introduced":"0"},{"last_affected":"2291e079f22e6df1f7683a05d17364b2ab3bfdab"},{"introduced":"0"},{"last_affected":"5ecd1c93d88c7637c76e3d2108061623efdc5e4e"},{"introduced":"0"},{"last_affected":"79c57d0cc55db834177d2f8ce4b4d83109a23dc9"},{"introduced":"0"},{"last_affected":"6e69f8452efa0631bfbefd8ddbd41a813a864645"},{"introduced":"0"},{"last_affected":"c200106305f4367ba9ad8987af5139979c6cc40c"},{"introduced":"0"},{"last_affected":"af591d494070a978d23fdb6c7c46ff52060b61b1"},{"introduced":"0"},{"fixed":"ce3e3c5fe15479475c068482c48eb9cbf1ac9df5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"18.10"},{"introduced":"10.0.0"},{"fixed":"10.12.0"},{"introduced":"11.0.0"},{"fixed":"11.3.0"},{"introduced":"0"},{"last_affected":"10.13.0"},{"introduced":"0"},{"last_affected":"15.1"},{"introduced":"0"},{"last_affected":"15.2"},{"introduced":"0"},{"last_affected":"16.1"},{"introduced":"0"},{"last_affected":"16.2"},{"introduced":"0"},{"last_affected":"18.8"},{"introduced":"0"},{"last_affected":"5.4"},{"introduced":"0"},{"fixed":"6.0.0"}]}},{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"7ea5bd2b52d0e81eaef3d109b3b12545306f201c"},{"last_affected":"7ea5bd2b52d0e81eaef3d109b3b12545306f201c"},{"introduced":"0"},{"last_affected":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"0"},{"last_affected":"c2ef67100cd0ca2321b5f1a437abb93fc7e11e37"},{"introduced":"0"},{"last_affected":"ce052c8437fb97cbc57f034fa94b5bcd749dbf52"},{"introduced":"0"},{"last_affected":"888759a1d38197f29de7227876c3b58fbff8549f"}],"database_specific":{"versions":[{"introduced":"1.1.0"},{"last_affected":"1.1.0i"},{"introduced":"0"},{"last_affected":"1.1.1"},{"introduced":"0"},{"last_affected":"0.9.8"},{"introduced":"0"},{"last_affected":"1.0.0"},{"introduced":"0"},{"last_affected":"1.0.1"}]}}],"versions":["BEFORE_engine","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_0_9_8","OpenSSL_0_9_8-beta1","OpenSSL_0_9_8-beta2","OpenSSL_0_9_8-beta4","OpenSSL_0_9_8-beta5","OpenSSL_0_9_8-beta6","OpenSSL_0_9_8-post-auto-reformat","OpenSSL_0_9_8-post-reformat","OpenSSL_0_9_8-pre-auto-reformat","OpenSSL_0_9_8-pre-reformat","OpenSSL_0_9_8a","OpenSSL_0_9_8b","OpenSSL_0_9_8c","OpenSSL_0_9_8d","OpenSSL_0_9_8e","OpenSSL_0_9_8h","OpenSSL_0_9_8i","OpenSSL_0_9_8j","OpenSSL_0_9_8m","OpenSSL_0_9_8m-beta1","OpenSSL_0_9_8n","OpenSSL_0_9_8o","OpenSSL_0_9_8p","OpenSSL_0_9_8q","OpenSSL_0_9_8r","OpenSSL_0_9_8s","OpenSSL_0_9_8t","OpenSSL_0_9_8u","OpenSSL_0_9_8v","OpenSSL_0_9_8w","OpenSSL_0_9_8x","OpenSSL_0_9_8y","OpenSSL_0_9_8za","OpenSSL_0_9_8zb","OpenSSL_0_9_8zc","OpenSSL_0_9_8zd","OpenSSL_0_9_8ze","OpenSSL_0_9_8zf","OpenSSL_0_9_8zg","OpenSSL_0_9_8zh","OpenSSL_1_0_0","OpenSSL_1_0_0-beta1","OpenSSL_1_0_0-beta2","OpenSSL_1_0_0-beta3","OpenSSL_1_0_0-beta4","OpenSSL_1_0_0-beta5","OpenSSL_1_0_0-post-auto-reformat","OpenSSL_1_0_0-post-reformat","OpenSSL_1_0_0-pre-auto-reformat","OpenSSL_1_0_0-pre-reformat","OpenSSL_1_0_0a","OpenSSL_1_0_0b","OpenSSL_1_0_0c","OpenSSL_1_0_0d","OpenSSL_1_0_0e","OpenSSL_1_0_0f","OpenSSL_1_0_0g","OpenSSL_1_0_0h","OpenSSL_1_0_0i","OpenSSL_1_0_0j","OpenSSL_1_0_0k","OpenSSL_1_0_0l","OpenSSL_1_0_0m","OpenSSL_1_0_0n","OpenSSL_1_0_0o","OpenSSL_1_0_0p","OpenSSL_1_0_0q","OpenSSL_1_0_0r","OpenSSL_1_0_0s","OpenSSL_1_0_0t","OpenSSL_1_0_1","OpenSSL_1_0_1-beta1","OpenSSL_1_0_1-beta2","OpenSSL_1_0_1-beta3","OpenSSL_1_0_1-post-auto-reformat","OpenSSL_1_0_1-post-reformat","OpenSSL_1_0_1-pre-auto-reformat","OpenSSL_1_0_1-pre-reformat","OpenSSL_1_0_1a","OpenSSL_1_0_1b","OpenSSL_1_0_1c","OpenSSL_1_0_1d","OpenSSL_1_0_1e","OpenSSL_1_0_1f","OpenSSL_1_0_1g","OpenSSL_1_0_1h","OpenSSL_1_0_1i","OpenSSL_1_0_1j","OpenSSL_1_0_1k","OpenSSL_1_0_1l","OpenSSL_1_0_1m","OpenSSL_1_0_1n","OpenSSL_1_0_1o","OpenSSL_1_0_1p","OpenSSL_1_0_1q","OpenSSL_1_0_1r","OpenSSL_1_0_1s","OpenSSL_1_0_1t","OpenSSL_1_0_1u","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_0l","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","OpenSSL_1_1_1a","OpenSSL_1_1_1b","OpenSSL_1_1_1c","OpenSSL_1_1_1d","OpenSSL_1_1_1e","OpenSSL_1_1_1f","OpenSSL_1_1_1g","OpenSSL_1_1_1h","OpenSSL_1_1_1i","OpenSSL_1_1_1j","OpenSSL_1_1_1k","OpenSSL_1_1_1l","OpenSSL_1_1_1m","OpenSSL_1_1_1n","OpenSSL_1_1_1o","OpenSSL_1_1_1p","OpenSSL_1_1_1q","OpenSSL_1_1_1r","OpenSSL_1_1_1s","OpenSSL_1_1_1t","OpenSSL_1_1_1u","OpenSSL_1_1_1v","OpenSSL_1_1_1w","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.6.40","mysql-5.6.42","mysql-5.7.24","mysql-8.0.0","mysql-8.0.13","mysql-8.4.0","mysql-9.0.0","mysql-9.0.0-release","mysql-cluster-8.4.0","mysql-cluster-9.0.0","v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.6","v0.1.0","v0.1.1","v0.1.10","v0.1.100","v0.1.101","v0.1.102","v0.1.103","v0.1.104","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.2","v0.1.20","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.26","v0.1.27","v0.1.28","v0.1.29","v0.1.3","v0.1.30","v0.1.31","v0.1.32","v0.1.33","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.1.92","v0.1.93","v0.1.94","v0.1.95","v0.1.96","v0.1.97","v0.1.98","v0.1.99","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.5.0","v0.5.1","v0.5.10","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.5-rc1","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.7.0","v0.7.2","v0.7.3","v1.0.1","v1.0.1-release","v1.0.2","v1.0.2-release","v1.0.3","v1.0.4","v1.1.0","v1.2.0","v1.3.0","v1.4.1","v1.4.2","v1.4.3","v1.5.0","v1.5.1","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.7.0","v1.7.1","v10.0.0","v10.1.0","v10.10.0","v10.11.0","v10.12.0","v10.13.0","v10.2.0","v10.2.1","v10.3.0","v10.4.0","v10.4.1","v10.5.0","v10.6.0","v10.7.0","v10.8.0","v10.9.0","v11.0.0","v11.1.0","v11.2.0","v15.0.0","v15.0.1","v15.1.0","v15.2.0","v16.0.0","v16.1.0","v16.2.0","v18.0.0","v18.1.0","v18.10.0","v18.2.0","v18.3.0","v18.4.0","v18.5.0","v18.6.0","v18.7.0","v18.8.0","v18.9.0","v18.9.1","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.4.0","v2.5.0","v3.0.0","v5.0.0","v5.1.0","v5.1.1","v5.2.0","v5.3.0","v5.4.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"9.4"}]},{"events":[{"introduced":"0"},{"last_affected":"11.1.2.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.0.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"13.3.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.55"}]},{"events":[{"introduced":"0"},{"last_affected":"8.56"}]},{"events":[{"introduced":"0"},{"last_affected":"8.57"}]},{"events":[{"introduced":"17.7"},{"last_affected":"17.12"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.1.0.0"}]},{"events":[{"introduced":"5.0.0"},{"fixed":"5.2.24"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0735.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}