Related Vulnerabilities: CVE-2018-0734  

Severity Low

Remote Yes

Type Private key recovery

Description

A timing vulnerability has been found in DSA signature generation in OpenSSL versions up to and including 1.1.1: information is leaked via a side channel when a BN is resized, which could lead to private key recovery.

Group    Package            Affected   Fixed        Severity  Status
AVG-807  openssl-1.0        1.0.2.p-1  1.0.2.q-1    Low       Fixed
AVG-806  lib32-openssl-1.0  1.0.2.p-1  1.0.2.q-1    Low       Fixed
AVG-793  lib32-openssl      1:1.1.1-1  1:1.1.1.a-1  Low       Fixed
AVG-792  openssl            1.1.1-1    1.1.1.a-1    Low       Fixed

Date         Advisory      Group    Package            Severity  Type
08 Dec 2018  ASA-201812-8  AVG-807  openssl-1.0        Low       private key recovery
08 Dec 2018  ASA-201812-7  AVG-806  lib32-openssl-1.0  Low       private key recovery
08 Dec 2018  ASA-201812-6  AVG-793  lib32-openssl      Low       private key recovery
08 Dec 2018  ASA-201812-5  AVG-792  openssl            Low       private key recovery

https://www.openssl.org/news/secadv/20181030.txt
https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f
https://github.com/openssl/openssl/pull/7486