Описание
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.1.0g-2ubuntu4.3 |
| cosmic | released | 1.1.1-1ubuntu2.1 |
| devel | released | 1.1.1a-1ubuntu2 |
| disco | released | 1.1.1a-1ubuntu2 |
| eoan | released | 1.1.1a-1ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 1.0.1f-1ubuntu2.26 |
| esm-infra/bionic | not-affected | 1.1.0g-2ubuntu4.3 |
| esm-infra/focal | not-affected | 1.1.1a-1ubuntu2 |
| esm-infra/xenial | not-affected | 1.0.2g-1ubuntu4.13 |
| focal | released | 1.1.1a-1ubuntu2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1.0.2n-1ubuntu5.1 |
| cosmic | not-affected | 1.0.2n-1ubuntu6 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 1.0.2n-1ubuntu5.1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Уязвимость реализации алгоритма шифрования ECDSA библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3