CVE-2018-5407 (Medium) detected in opensslOpenSSL_1_0_1i - autoclosed

[mend-bolt-for-github]

CVE-2018-5407 - Medium Severity Vulnerability

Vulnerable Library - opensslOpenSSL_1_0_1i

TLS/SSL and crypto library

Library home page: https://github.com/openssl/openssl.git

Found in base branch: archived-io.js-v0.10

Vulnerable Source Files (4)

node/deps/openssl/openssl/crypto/ec/ec_mult.c
node/deps/openssl/openssl/crypto/ec/ec_mult.c
node/deps/openssl/openssl/crypto/bn/bn_lib.c
node/deps/openssl/openssl/crypto/ec/ec_mult.c

Vulnerability Details

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Publish Date: 2018-11-15

URL: CVE-2018-5407

CVSS 3 Score Details (4.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407

Release Date: 2018-11-15

Fix Resolution: OpenSSL_1_1_0i,OpenSSL_1_1_1

---

Step up your Open Source Security Game with WhiteSource here

[mend-bolt-for-github]

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

[mend-bolt-for-github]

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.