CVE-2019-1559
- EPSS 5.05%
- Veröffentlicht 27.02.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:36:48
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...
CVE-2018-0734
- EPSS 6.05%
- Veröffentlicht 30.10.2018 12:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:50
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1....
CVE-2018-0735
- EPSS 9.26%
- Veröffentlicht 29.10.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:50
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in Ope...