« List of all CVEs

CVE-2018-0735

Timing attack against ECDSA signature generation

Published: 10/29/2018 Last updated: 9/16/2024 Reserved: 11/30/2017

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

CNA assigner: openssl (3a12439a-ef3a-4c79-92e6-6081a721f1e5) Requested by: n/a

Opam packages affected (8)

conf-libcurl conf-libssl conf-mingw-w64-openssl-i686 conf-mingw-w64-openssl-x86_64 conf-mysql conf-npm conf-openssl conf-srt-openssl

Products affected (1)

Product	Vendor	Version
OpenSSL	OpenSSL	n/a

References (30)

Credits (1)

Samuel Weiser