Use of a Broken or Risky Cryptographic Algorithm Affecting openssl package, versions <1.1.1a-r0


0.0
medium
  • Attack Complexity

    High

  • Confidentiality

    High

  • snyk-id

    SNYK-ALPINE313-OPENSSL-1068080

  • published

    2 Dec 2018

  • disclosed

    30 Oct 2018

How to fix?

Upgrade Alpine:3.13 openssl to version 1.1.1a-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See "How to fix?" for the versions relevant to Alpine:3.13.

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).