CVE-2013-5915
04.10.2013, 17:55
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.Enginsight
| Vendor | Product | Version |
|---|---|---|
| polarssl | polarssl | 𝑥 ≤ 1.2.8 |
| polarssl | polarssl | 0.10.0 |
| polarssl | polarssl | 0.10.1 |
| polarssl | polarssl | 0.11.0 |
| polarssl | polarssl | 0.11.1 |
| polarssl | polarssl | 0.12.0 |
| polarssl | polarssl | 0.12.1 |
| polarssl | polarssl | 0.13.1 |
| polarssl | polarssl | 0.14.0 |
| polarssl | polarssl | 0.14.2 |
| polarssl | polarssl | 0.14.3 |
| polarssl | polarssl | 0.99:pre1 |
| polarssl | polarssl | 0.99:pre3 |
| polarssl | polarssl | 0.99:pre4 |
| polarssl | polarssl | 0.99:pre5 |
| polarssl | polarssl | 1.0.0 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 1.1.0:rc0 |
| polarssl | polarssl | 1.1.0:rc1 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | 1.1.3 |
| polarssl | polarssl | 1.1.4 |
| polarssl | polarssl | 1.1.5 |
| polarssl | polarssl | 1.1.6 |
| polarssl | polarssl | 1.1.8 |
| polarssl | polarssl | 1.2.0 |
| polarssl | polarssl | 1.2.1 |
| polarssl | polarssl | 1.2.2 |
| polarssl | polarssl | 1.2.3 |
| polarssl | polarssl | 1.2.4 |
| polarssl | polarssl | 1.2.5 |
| polarssl | polarssl | 1.2.6 |
| polarssl | polarssl | 1.2.7 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References