CVE-2003-0147

NameCVE-2003-0147
DescriptionOpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-288

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)jessie, jessie (lts)1.0.1t-1+deb8u21fixed
stretch (security)1.1.0l-1~deb9u6fixed
stretch (lts), stretch1.1.0l-1~deb9u9fixed
buster1.1.1n-0+deb10u3fixed
buster (security)1.1.1n-0+deb10u6fixed
bullseye1.1.1w-0+deb11u1fixed
bullseye (security)1.1.1n-0+deb11u5fixed
bookworm (security), bookworm3.0.11-1~deb12u2fixed
sid, trixie3.1.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsourcewoody0.9.6c-2.woody.3DSA-288
opensslsource(unstable)0.9.7b-1
openssl096source(unstable)0.9.6j-1

Search for package or bug name: Reporting problems