Hi,

I read the recent research paper:

The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong, and Yuval Yarom
Nov 30, 2018

Research Paper: https://eprint.iacr.org/2018/1173.pdf

As per this paper, OpenSSL was also vulnerable but OpenSSL fixed them independently of the authors' disclosure.

=============
APPENDIX A
VULNERABILITIES DESCRIPTION

A. OpenSSL TLS Implementation

[...] However, OpenSSL’s code does contain two side channel vulnerabilities. One vulnerability has been described in Section IV-A and the other is presented here. We note that OpenSSL replaced the vulnerable code in both locations with constant-time implementations independently of our disclosure.
=============

The paper does not list the CVE for the openssl vulnerability.
Is there a CVE for this? What are the affected versions and in which version they were fixed?

with regards,
Saravanan

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users