Lucene search

K
cve[email protected]CVE-2007-3108
HistoryAug 08, 2007 - 1:17 a.m.

CVE-2007-3108

2007-08-0801:17:00
NVD-CWE-Other
web.nvd.nist.gov
97
cve-2007-3108
openssl
side-channel attack
rsa
nvd

8.6 High

AI Score

Confidence

High

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

CPENameOperatorVersion
openssl:opensslopensslle0.9.8e

References

8.6 High

AI Score

Confidence

High

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%