« List of all CVEs

CVE-2016-2178

Published: 6/20/2016 Last updated: 8/5/2024 Reserved: 1/29/2016

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (7)

conf-libcurl conf-libssl conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-npm conf-openssl conf-srt-openssl

Products affected (1)

Product Vendor Version
n/a n/a < 2024.1.3

References (138)