---

CVE-2018-0734 - log back

CVE-2018-0734 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Remote
Type	+ Private key recovery
Description	+ A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side channel when a BN is resized and could lead to private key recovery.
References	+ https://www.openssl.org/news/secadv/20181030.txt + https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f + https://github.com/openssl/openssl/pull/7486
Notes