---

CVE-2018-0737 - log back

CVE-2018-0737 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Local
Type	+ Private key recovery
Description	+ A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.
References	+ https://www.openssl.org/news/secadv/20180416.txt + https://github.com/openssl/openssl/commit/6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 + https://github.com/openssl/openssl/commit/349a41da1ad88ad87825414752a8ff5fdd6a6c3f
Notes