[openssl-users] The 9 Lives of Bleichenbacher's CAT - Is there a CVE for OpenSSL?
M K Saravanan
mksarav at gmail.com
Mon Dec 10 10:41:20 UTC 2018
I read the recent research paper:
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong, and
Nov 30, 2018
Research Paper: https://eprint.iacr.org/2018/1173.pdf
As per this paper, OpenSSL was also vulnerable but OpenSSL fixed them
independently of the authors' disclosure.
A. OpenSSL TLS Implementation
However, OpenSSL’s code does contain two side channel vulnerabilities.
One vulnerability has been described in Section IV-A and the other is
presented here. We note that OpenSSL replaced the vulnerable code in
both locations with constant-time implementations independently of our
The paper does not list the CVE for the OpenSSL vulnerability.
Is there a CVE for this? What are the affected versions, and in which
version were they fixed?