AVG-677

Package openssl-1.0
Status Vulnerable
Severity Low
Type private key recovery
Affected 1.0.2.o-1
Fixed Unknown
Current 1.0.2.o-1 [core]
Ticket Create
Created Mon Apr 16 15:46:58 2018
Issue Severity Remote Type Description
CVE-2018-0737 Low No Private key recovery
A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access...
References
https://github.com/openssl/openssl/commit/349a41da1ad88ad87825414752a8ff5fdd6a6c3f