Description
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2348)
Joomla Other Vulnerability (CVE-2006-1030)
Apache HTTP Server Other Vulnerability (CVE-2002-1658)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Request Forgery (2.25.2)
Liferay Portal Incorrect Authorization Vulnerability (CVE-2024-25149)