---

CVE-2018-0735 - log back

CVE-2018-0735 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Remote
Type	+ Private key recovery
Description	+ The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could use variations in the signing algorithm to recover the private key.
References	+ https://www.openssl.org/news/secadv/20181029.txt + https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
Notes