CVE-2000-1254 — Openssl vulnerability

CWE-3106 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedMay 5

Latest updateApr 30

Description

crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.6-1 (bookworm)

▶Debianopenssl/openssl< 0.9.6-1+3

▶NVDopenssl/openssl0.9.5

🔴Vulnerability Details

GHSA

GHSA-m8gw-x5jx-r3vm: crypto/rsa/rsa_gen↗2022-04-30

▶

OSV

CVE-2000-1254: crypto/rsa/rsa_gen↗2016-05-05

▶

📋Vendor Advisories

Red Hat

openssl: Mishandling C bitwise-shift operations making easier to bypass protection mechanisms↗2000-06-01

▶

Debian

CVE-2000-1254: openssl - crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operatio...↗2000

▶

💬Community

Bugzilla

CVE-2000-1254 openssl: Mishandling C bitwise-shift operations making easier to bypass protection mechanisms↗2016-05-05

▶