Описание
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Will not fix | ||
| Red Hat Enterprise Linux 5 | openssl097a | Will not fix | ||
| Red Hat Enterprise Linux 6 | openssl | Fix deferred | ||
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | ||
| Red Hat Enterprise Linux 7 | openssl098e | Will not fix | ||
| Red Hat Enterprise Linux 7 | OVMF | Not affected | ||
| Red Hat Enterprise Linux 8 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | openssl | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 2 | openssl | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
3.3 Low
CVSS3
Связанные уязвимости
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
The OpenSSL RSA Key generation algorithm has been shown to be vulnerab ...
EPSS
3.3 Low
CVSS3