CVE-2018-0735

Source
Severity Low
Remote Yes
Type Private key recovery
Description
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could use variations in the signing algorithm to recover the private key.
Group Package Affected Fixed Severity Status Ticket
AVG-793 lib32-openssl 1:1.1.1-1 Low Vulnerable
AVG-792 openssl 1.1.1-1 Low Vulnerable
References
https://www.openssl.org/news/secadv/20181029.txt
https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4