CVE-2007-3108
EPSS 0.15%openssl - predictable random number generator
Published: 8/8/2007Modified: 4/28/2026
Also known as:DEBIAN-CVE-2007-3108
Description
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Affected packages (2)
- Debian/opensslfrom 0, < 0.9.8e-6
- Debian/opensslfrom 0, < 0.9.8c-4etch3