Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-0734 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
nodejs-current (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU15668
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0734
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to unspecified flaw in Digital Signature Algorithm (DSA). A local attacker can conduct a timing side-channel attack and recover the private key, which could be used to conduct further attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsnodejs-current (Alpine package): 11.1.0-r0
CPE2.3 External linkshttp://git.alpinelinux.org/aports/commit/?id=4bb02b09003b63e5aa9c4d9be68117e15e663c00
http://git.alpinelinux.org/aports/commit/?id=bd0e7c7b564133e60cba91a11ebaf58fc66ca95f
http://git.alpinelinux.org/aports/commit/?id=cbad6e043c390238adf4905ce29648f24e4503ba
http://git.alpinelinux.org/aports/commit/?id=d30e50323c5f1784719c4be7a9c21388b2ac6dcb
http://git.alpinelinux.org/aports/commit/?id=9506edbe44db07fc65aab5d444e7e02ca3767187
http://git.alpinelinux.org/aports/commit/?id=c1d3640cee748b8ff91fd6d4fb3102e9fb356ab2
http://git.alpinelinux.org/aports/commit/?id=dfa7fc2a3c8a46d7b74d3622e61fdc3aacf7e2c5
http://git.alpinelinux.org/aports/commit/?id=71cc4cc38133a6c2666978dacfa9c2ab78b1eaec
http://git.alpinelinux.org/aports/commit/?id=0475e69802503af151dbf782f81d152d331b1083
http://git.alpinelinux.org/aports/commit/?id=07b44d0ab16346876de776763036d792759e63b7
http://git.alpinelinux.org/aports/commit/?id=20644e278a928af7b6ba3dab98e72de889abde1f
http://git.alpinelinux.org/aports/commit/?id=57d5f945ab66ccc72e5b48a40343ff6169b9893d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.