CVE-2007-3108

EPSS 0.15%

openssl - predictable random number generator

發布日:2007/8/8修改日:2026/4/28

描述

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

受影響套件(2)

Debian/opensslfrom 0, < 0.9.8e-6
Debian/opensslfrom 0, < 0.9.8c-4etch3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-3108