CVE-2003-0147
published 2003-03-31

Priority: P4 · 23 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 6.39% (92.8th percentile)
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Affected

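40 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.7b-1 (bookworm) | openssl 0.9.7b-1 (bookworm) |
| openpkg | openpkg | | |
| openpkg | openpkg | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | | |
| openssl | openssl | >= 0 < 0.9.7b-1 | 0.9.7b-1 |
| openssl | openssl | >= 0 < 0.9.7b-1 | 0.9.7b-1 |
| openssl | openssl | >= 0 < 0.9.7b-1 | 0.9.7b-1 |
| openssl | openssl | >= 0 < 0.9.7b-1 | 0.9.7b-1 |
| peersec_networks | matrixssl | <= 1.0 | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |
| stunnel | stunnel | | |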

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
osv: 5.0 MEDIUM
vendor_debian: 5.0 MEDIUM
vendor_redhat: 5.0 MEDIUM