OpenSSL

Cryptography and SSL/TLS Toolkit

Vulnerabilities

If you think you have found a security bug in OpenSSL, please report it to us.

Show issues fixed only in OpenSSL 1.1.1, 1.1.0, 1.0.2, 1.0.1, 1.0.0, 0.9.8, 0.9.7, 0.9.6, or all versions

Fixed in OpenSSL 1.1.1

2018

CVE-2018-0734 (OpenSSL advisory) [Low severity] 30 October 2018:
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Reported by Samuel Weiser.
CVE-2018-0735 (OpenSSL advisory) [Low severity] 29 October 2018:
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Reported by Samuel Weiser.
  • Fixed in OpenSSL 1.1.1a (git commit) (Affected 1.1.1)
  • This issue was also addressed in OpenSSL 1.1.0j