Use of a Broken or Risky Cryptographic Algorithm Affecting openssl Open this link in a new tab package, versions <1.1.1a-r0


0.0
medium
  • Attack Complexity

    High

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

How to fix?

Upgrade Alpine:3.13 openssl to version 1.1.1a-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See How to fix? for Alpine:3.13 relevant versions.

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).