{"id":"CVE-2018-0737","details":"The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).","modified":"2026-04-16T06:18:00.319979133Z","published":"2018-04-16T18:29:00.267Z","related":["SUSE-FU-2022:0445-1","SUSE-SU-2018:2486-1","SUSE-SU-2018:2492-1","SUSE-SU-2018:2545-1","SUSE-SU-2018:2683-1","SUSE-SU-2018:2928-1","SUSE-SU-2018:2928-2","SUSE-SU-2018:2965-1","SUSE-SU-2018:3864-1","SUSE-SU-2018:3864-2","SUSE-SU-2019:0197-1","SUSE-SU-2019:1553-1","openSUSE-SU-2019:0152-1","openSUSE-SU-2024:11126-1","openSUSE-SU-2024:11127-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2018-13"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2018-14"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"},{"type":"WEB","url":"https://usn.ubuntu.com/3692-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/3692-2/"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2018-12"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2018-17"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3628-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3628-2/"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103766"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201811-21"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3505"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3221"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180726-0003/"},{"type":"ADVISORY","url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/133"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4348"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1040685"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4355"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20180416.txt"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"type":"ARTICLE","url":"https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"7ea5bd2b52d0e81eaef3d109b3b12545306f201c"},{"last_affected":"7ea5bd2b52d0e81eaef3d109b3b12545306f201c"}],"database_specific":{"versions":[{"introduced":"1.0.2b"},{"last_affected":"1.0.2o"},{"introduced":"1.1.0"},{"last_affected":"1.1.0h"}]}}],"versions":["OpenSSL_1_0_2u","OpenSSL_1_1_0l"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0737.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}