CVE-2018-0734

Source
Severity Low
Remote Yes
Type Information disclosure
Description
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side channel when a BN is resized and could lead to private key recovery.
Group Package Affected Fixed Severity Status Ticket
AVG-792 openssl 1.1.1-1 Low Vulnerable
References
https://www.openssl.org/news/secadv/20181030.txt
https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f
https://github.com/openssl/openssl/pull/7486