There's an overflow bug in x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms affected. Attacks against RSA1024, RSA1536, DSA1024, and DH512 are considered difficult or just feasible, but not likely. Fixed in OpenSSL 1.1.1e and 1.0.2u
[
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo