CVE-2018-0735 - log back

CVE-2018-0735 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Private key recovery
Description
+ The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could use variations in the signing algorithm to recover the private key.
References
+ https://www.openssl.org/news/secadv/20181029.txt
+ https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
Notes