ECDSA remote timing attack vulnerability in ECDSA signature operation in OpenSSL and MySQL Server| ID: oval:org.secpod.oval:def:58644 | Date: (C)2019-09-16 (M)2024-01-09 |
| Class: VULNERABILITY | Family: windows |
The host is installed with OpenSSL 1.1.0 through 1.1.0k, 1.0.2 through 1.0.2s or 1.1.1 through 1.1.1c, Oracle VM VirtualBox before 5.2.34, prior to 6.0.14 or Oracle MySQL Server through 5.6.46, 5.7.26 or 8.0.18and is prone to a ECDSA remote timing attack vulnerability. A flaw is present in the application which fails to handle the ECDSA signature operation. Successful exploitation allows an attacker to make OpenSSL fall back to non-side channel resistant code paths which may result in full key recovery.
| Platform: |
| Microsoft Windows 11 |
| Microsoft Windows Server 2022 |
| Microsoft Windows 7 |
| Microsoft Windows 8 |
| Microsoft Windows Server 2003 |
| Microsoft Windows Server 2008 |
| Microsoft Windows Vista |
| Microsoft Windows XP |
| Microsoft Windows 8.1 |
| Microsoft Windows Server 2012 R2 |
| Microsoft Windows Server 2008 R2 |
| Microsoft Windows Server 2012 |
| Microsoft Windows Server 2016 |
| Microsoft Windows Server 2019 |
| Microsoft Windows 10 |
| Product: |
| OpenSSL |
| Oracle VM VirtualBox |
| MySQL Server 5.6 |
| MySQL Server 5.7 |
| MySQL Server 8.0 |
