Description
OpenSSL is prone to a information-disclosure vulnerability. Successfully exploiting this issue allows local attackers to recover the key during an ECDSA signature operation. Information harvested may aid in further attacks.
Technologies Affected
- OpenSSL Project OpenSSL 1.0.2
- OpenSSL Project OpenSSL 1.0.2a
- OpenSSL Project OpenSSL 1.0.2b
- OpenSSL Project OpenSSL 1.0.2c
- OpenSSL Project OpenSSL 1.0.2d
- OpenSSL Project OpenSSL 1.0.2e
- OpenSSL Project OpenSSL 1.0.2f
- OpenSSL Project OpenSSL 1.0.2g
- OpenSSL Project OpenSSL 1.0.2h
- OpenSSL Project OpenSSL 1.0.2i
- OpenSSL Project OpenSSL 1.0.2j
- OpenSSL Project OpenSSL 1.0.2k
- OpenSSL Project OpenSSL 1.0.2l
- OpenSSL Project OpenSSL 1.0.2m
- OpenSSL Project OpenSSL 1.0.2n
- OpenSSL Project OpenSSL 1.0.2o
- OpenSSL Project OpenSSL 1.0.2p
- OpenSSL Project OpenSSL 1.0.2q
- OpenSSL Project OpenSSL 1.0.2r
- OpenSSL Project OpenSSL 1.0.2s
- OpenSSL Project OpenSSL 1.1.0
- OpenSSL Project OpenSSL 1.1.0a
- OpenSSL Project OpenSSL 1.1.0b
- OpenSSL Project OpenSSL 1.1.0c
- OpenSSL Project OpenSSL 1.1.0d
- OpenSSL Project OpenSSL 1.1.0e
- OpenSSL Project OpenSSL 1.1.0f
- OpenSSL Project OpenSSL 1.1.0g
- OpenSSL Project OpenSSL 1.1.0h
- OpenSSL Project OpenSSL 1.1.0i
- OpenSSL Project OpenSSL 1.1.0j
- OpenSSL Project OpenSSL 1.1.0k
- OpenSSL Project OpenSSL 1.1.1
- OpenSSL Project OpenSSL 1.1.1B
- OpenSSL Project OpenSSL 1.1.1a
- OpenSSL Project OpenSSL 1.1.1c
- Oracle VM VirtualBox 5.0
- Oracle VM VirtualBox 5.0.10
- Oracle VM VirtualBox 5.0.11
- Oracle VM VirtualBox 5.0.12
- Oracle VM VirtualBox 5.0.13
- Oracle VM VirtualBox 5.0.14
- Oracle VM VirtualBox 5.0.16
- Oracle VM VirtualBox 5.0.18
- Oracle VM VirtualBox 5.0.22
- Oracle VM VirtualBox 5.0.26
- Oracle VM VirtualBox 5.0.28
- Oracle VM VirtualBox 5.0.32
- Oracle VM VirtualBox 5.0.34
- Oracle VM VirtualBox 5.0.38
- Oracle VM VirtualBox 5.0.8
- Oracle VM VirtualBox 5.0.9
- Oracle VM VirtualBox 5.1.10
- Oracle VM VirtualBox 5.1.14
- Oracle VM VirtualBox 5.1.16
- Oracle VM VirtualBox 5.1.20
- Oracle VM VirtualBox 5.1.24
- Oracle VM VirtualBox 5.1.30
- Oracle VM VirtualBox 5.1.32
- Oracle VM VirtualBox 5.1.36
- Oracle VM VirtualBox 5.1.8
- Oracle VM VirtualBox 5.2.0
- Oracle VM VirtualBox 5.2.10
- Oracle VM VirtualBox 5.2.16
- Oracle VM VirtualBox 5.2.18
- Oracle VM VirtualBox 5.2.2
- Oracle VM VirtualBox 5.2.20
- Oracle VM VirtualBox 5.2.22
- Oracle VM VirtualBox 5.2.24
- Oracle VM VirtualBox 5.2.25
- Oracle VM VirtualBox 5.2.26
- Oracle VM VirtualBox 5.2.28
- Oracle VM VirtualBox 5.2.32
- Oracle VM VirtualBox 5.2.4
- Oracle VM VirtualBox 6.0.0
- Oracle VM VirtualBox 6.0.10
- Oracle VM VirtualBox 6.0.2
- Oracle VM VirtualBox 6.0.4
- Oracle VM VirtualBox 6.0.6
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.
Updates are available. Please see the references or vendor advisory for more information.