Vulnerability Details CVE-2013-5915
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html
- http://osvdb.org/98049
- http://secunia.com/advisories/55084
- http://www.debian.org/security/2013/dsa-2782
- http://www.securityfocus.com/bid/62771
- https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html
- http://osvdb.org/98049
- http://secunia.com/advisories/55084
- http://www.debian.org/security/2013/dsa-2782
- http://www.securityfocus.com/bid/62771
- https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
Products affected by CVE-2013-5915
-
cpe:2.3:a:polarssl:polarssl:0.10.0
-
cpe:2.3:a:polarssl:polarssl:0.10.1
-
cpe:2.3:a:polarssl:polarssl:0.11.0
-
cpe:2.3:a:polarssl:polarssl:0.11.1
-
cpe:2.3:a:polarssl:polarssl:0.12.0
-
cpe:2.3:a:polarssl:polarssl:0.12.1
-
cpe:2.3:a:polarssl:polarssl:0.13.1
-
cpe:2.3:a:polarssl:polarssl:0.14.0
-
cpe:2.3:a:polarssl:polarssl:0.14.2
-
cpe:2.3:a:polarssl:polarssl:0.14.3
-
cpe:2.3:a:polarssl:polarssl:0.99
-
cpe:2.3:a:polarssl:polarssl:1.0.0
-
cpe:2.3:a:polarssl:polarssl:1.1.0
-
cpe:2.3:a:polarssl:polarssl:1.1.1
-
cpe:2.3:a:polarssl:polarssl:1.1.2
-
cpe:2.3:a:polarssl:polarssl:1.1.3
-
cpe:2.3:a:polarssl:polarssl:1.1.4
-
cpe:2.3:a:polarssl:polarssl:1.1.5
-
cpe:2.3:a:polarssl:polarssl:1.1.6
-
cpe:2.3:a:polarssl:polarssl:1.1.7
-
cpe:2.3:a:polarssl:polarssl:1.1.8
-
cpe:2.3:a:polarssl:polarssl:1.2.0
-
cpe:2.3:a:polarssl:polarssl:1.2.1
-
cpe:2.3:a:polarssl:polarssl:1.2.2
-
cpe:2.3:a:polarssl:polarssl:1.2.3
-
cpe:2.3:a:polarssl:polarssl:1.2.4
-
cpe:2.3:a:polarssl:polarssl:1.2.5
-
cpe:2.3:a:polarssl:polarssl:1.2.6
-
cpe:2.3:a:polarssl:polarssl:1.2.7
-
cpe:2.3:a:polarssl:polarssl:1.2.8