5

CVE-2003-0147

EPSS 20.2%
Published 31.03.2003 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Affected products Warnungen 0 Metrics 2 CWE 0 References 24

Data is provided by the National Vulnerability Database (NVD)

Openpkg ≫ Openpkg

Openpkg ≫ Openpkg Version1.1

Openpkg ≫ Openpkg Version1.2

OpenSSL ≫ OpenSSL Version0.9.6

OpenSSL ≫ OpenSSL Version0.9.6a

OpenSSL ≫ OpenSSL Version0.9.6b

OpenSSL ≫ OpenSSL Version0.9.6c

OpenSSL ≫ OpenSSL Version0.9.6d

OpenSSL ≫ OpenSSL Version0.9.6e

OpenSSL ≫ OpenSSL Version0.9.6g

OpenSSL ≫ OpenSSL Version0.9.6h

OpenSSL ≫ OpenSSL Version0.9.6i

OpenSSL ≫ OpenSSL Version0.9.7

OpenSSL ≫ OpenSSL Version0.9.7a

Stunnel ≫ Stunnel Version3.7

Stunnel ≫ Stunnel Version3.8

Stunnel ≫ Stunnel Version3.9

Stunnel ≫ Stunnel Version3.10

Stunnel ≫ Stunnel Version3.11

Stunnel ≫ Stunnel Version3.12

Stunnel ≫ Stunnel Version3.13

Stunnel ≫ Stunnel Version3.14

Stunnel ≫ Stunnel Version3.15

Stunnel ≫ Stunnel Version3.16

Stunnel ≫ Stunnel Version3.17

Stunnel ≫ Stunnel Version3.18

Stunnel ≫ Stunnel Version3.19

Stunnel ≫ Stunnel Version3.20

Stunnel ≫ Stunnel Version3.21

Stunnel ≫ Stunnel Version3.22

Stunnel ≫ Stunnel Version4.0

Stunnel ≫ Stunnel Version4.01

Stunnel ≫ Stunnel Version4.02

Stunnel ≫ Stunnel Version4.03

Stunnel ≫ Stunnel Version4.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	20.2%	0.953

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625

http://www.debian.org/security/2003/dsa-288

http://www.redhat.com/support/errata/RHSA-2003-101.html

http://www.redhat.com/support/errata/RHSA-2003-102.html

http://www.securityfocus.com/archive/1/316577/30/25310/threaded

http://www.securityfocus.com/archive/1/316165/30/25370/threaded

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html

Vendor Advisory

http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

http://marc.info/?l=bugtraq&m=104766550528628&w=2

http://marc.info/?l=bugtraq&m=104792570615648&w=2

http://marc.info/?l=bugtraq&m=104819602408063&w=2

http://marc.info/?l=bugtraq&m=104829040921835&w=2

http://marc.info/?l=bugtraq&m=104861762028637&w=2

http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml

http://www.kb.cert.org/vuls/id/997481

Third Party Advisory

US Government Resource

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035

http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html

http://www.openssl.org/news/secadv_20030317.txt

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466

https://nvd.nist.gov/vuln/detail/CVE-2003-0147

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0147

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0147

EUVD