Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description The Open Source toolkit for Secure Sockets Layer and Transport Layer Security
Version 1.0.2.q-1 [multilib]


Group Affected Fixed Severity Status Ticket
AVG-806 1.0.2.p-1 1.0.2.q-1 Low Fixed
AVG-676 1.0.2.o-1 1.0.2.p-1 Low Fixed
AVG-480 1.0.2.l-2 1.0.2.n-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2018-5407 AVG-806 Low No Private key recovery
A vulnerability has been found in the ECC scalar multiplication implementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation, used in e.g. ECDSA and...
CVE-2018-0737 AVG-676 Low No Private key recovery
A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access...
CVE-2018-0734 AVG-806 Low Yes Private key recovery
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side...
CVE-2018-0732 AVG-676 Low Yes Denial of service
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause...
CVE-2017-3738 AVG-480 Medium Yes Private key recovery
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected....
CVE-2017-3737 AVG-480 Medium Yes Information disclosure
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then...
CVE-2017-3736 AVG-480 Medium Yes Information disclosure
A carry propagation bug has been found in OpenSSL < 1.1.0g in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests...
CVE-2017-3735 AVG-480 Low Yes Denial of service
A security issue has been found in OpenSSL < 1.1.0g. If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer...


Date Advisory Group Severity Description
08 Dec 2018 ASA-201812-7 AVG-806 Low private key recovery
17 Dec 2017 ASA-201712-11 AVG-480 Medium multiple issues