Description
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Remediation
References