CVE-2018-0734

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.1.1a OpenSSL versions 1.1.0 through 1.1.0i OpenSSL versions 1.0.2 through 1.0.2p MySQL Server versions 5.6.42 and earlier MySQL Server versions 5.7.24 and earlier MySQL Server versions 8.0.13 and earlier

Description The vulnerability is related to the implementation of the DSA algorithm in OpenSSL, which is vulnerable to a timing side channel attack. This could allow an attacker to recover the private key by exploiting variations in the signing algorithm. The issue affects various software products, including OpenSSL and MySQL Server.

Recommendations For OpenSSL versions prior to 1.1.1a, update to version 1.1.1a or later. For OpenSSL versions 1.1.0 through 1.1.0i, update to version 1.1.0j or later. For OpenSSL versions 1.0.2 through 1.0.2p, update to version 1.0.2q or later. For MySQL Server versions 5.6.42 and earlier, update to a version later than 5.6.42. For MySQL Server versions 5.7.24 and earlier, update to a version later than 5.7.24. For MySQL Server versions 8.0.13 and earlier, update to a version later than 8.0.13.