vulnerability

Ubuntu: USN-3840-1 (CVE-2018-0735): OpenSSL vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Oct 29, 2018

Added

Dec 21, 2018

Modified

Mar 27, 2026

Description

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Solutions

ubuntu-upgrade-libssl1-0-0ubuntu-upgrade-libssl1-1

References

CVE-2018-0735
https://attackerkb.com/topics/CVE-2018-0735
CWE-327
DEBIAN-DSA-4348
EUVD-EUVD-2018-1545
NVD-CVE-2018-0735
UBUNTU-USN-3840-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-1545

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report