CVE-2018-0735

Source
Severity: Low
Remote: Yes
Type: Private key recovery
Description
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side-channel attack in OpenSSL versions prior to 1.1.1a. An attacker could use timing variations in the signing algorithm to recover the private key.
Group    Package        Affected   Fixed        Severity  Status  Ticket
AVG-793  lib32-openssl  1:1.1.1-1  1:1.1.1.a-1  Low       Fixed
AVG-792  openssl        1.1.1-1    1.1.1.a-1    Low       Fixed
Date         Advisory      Group    Package        Severity  Description
08 Dec 2018  ASA-201812-6  AVG-793  lib32-openssl  Low       private key recovery
08 Dec 2018  ASA-201812-5  AVG-792  openssl        Low       private key recovery
References
https://www.openssl.org/news/secadv/20181029.txt
https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4