CVE-2018-5407 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2018-5407

CVE-2018-5407

Published:November 15, 2018

Updated:April 26, 2026

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Affected Packages

openssl (CONDA):

Affected version(s) >=1.0.2d <1.0.2q

Fix Suggestion:

Update to version 1.0.2q

https://github.com/openssl/openssl.git (GITHUB):

Affected version(s) >=OpenSSL_1_1_0a <OpenSSL_1_1_0i

Fix Suggestion:

Update to version OpenSSL_1_1_0i

https://github.com/openssl/openssl.git (GITHUB):

Affected version(s) >=OpenSSL_1_0_2a <OpenSSL_1_0_2q

Fix Suggestion:

Update to version OpenSSL_1_0_2q

Related Resources (31)

http://www.securityfocus.com/bid/105897

https://eprint.iacr.org/2018/1060.pdf

https://access.redhat.com/errata/RHSA-2019:3929

https://www.exploit-db.com/exploits/45785/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://access.redhat.com/errata/RHSA-2019:2125

https://www.tenable.com/security/tns-2018-17

https://access.redhat.com/security/cve/CVE-2018-5407

https://usn.ubuntu.com/3840-1/

https://www.oracle.com/security-alerts/cpuapr2020.html

https://access.redhat.com/errata/RHSA-2019:0483

https://access.redhat.com/errata/RHSA-2019:3932

https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html

https://access.redhat.com/errata/RHSA-2019:0651

https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5407

https://access.redhat.com/errata/RHSA-2019:3933

https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS

https://github.com/bbbrumley/portsmash

https://security.netapp.com/advisory/ntap-20181126-0001/

https://www.debian.org/security/2018/dsa-4355

https://access.redhat.com/errata/RHSA-2019:3935

https://access.redhat.com/errata/RHSA-2019:3931

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://security.gentoo.org/glsa/201903-10

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

https://www.debian.org/security/2018/dsa-4348

https://access.redhat.com/errata/RHSA-2019:0652

https://security-tracker.debian.org/tracker/CVE-2018-5407

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.tenable.com/security/tns-2018-16

Do you need more information?

CVSS v4

Base Score:

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

CVSS v2

Base Score:

1.9

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

EPSS

Base Score:

0.84

Products

Solutions

Resources

Company

Compare

Developer Tools