FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- timing vulnerability

Affected packages
openssl < 1.0.2p_2

Details

VuXML ID 6f170cf2-e6b7-11e8-a9a8-b499baebfeaf
Discovery 2018-11-12
Entry 2018-11-12

The OpenSSL project reports:

Microarchitecture timing vulnerability in ECC scalar multiplication. Severity: Low
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.

References

CVE Name CVE-2018-5407
URL https://www.openssl.org/news/secadv/20181112.txt