|Max CVSS||4.3||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
|20-01-2021 - 15:15||27-02-2019 - 23:29|
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.
|24-08-2020 - 17:37||30-10-2018 - 12:29|