CVE-2003-0147
Description
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (Karatsuba and normal).
Risk Information
Base Score
5.1
MODERATE
Vector
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
26.684
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2003-0131,CVE-2003-0147 are fixed in OpenSSL (x64) 0.9.6j | Windows |
| Vulnerabilities CVE-2003-0131,CVE-2003-0147 are fixed in OpenSSL (x64) 0.9.7b | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.7 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.8 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.10 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.11 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.12 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.13 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.14 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.15 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.16 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.17 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.18 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.19 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.20 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.21 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.22 | Windows |
| Multiple Vulnerabilities are affected in stunnel 3.9 | Windows |
| Multiple Vulnerabilities are affected in stunnel 4.04 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2003-0740,CVE-2008-2400,CVE-2014-0016 are affected in stunnel 4.0 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.01 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.02 | Windows |
| Vulnerabilities CVE-2003-0147,CVE-2008-2400,CVE-2008-2420,CVE-2014-0016 are affected in stunnel 4.03 | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-348313 | stunnel (5.75) |