CVE-2007-3108 — Openssl vulnerability

14 documents9 sources

Severity

1.2LOWNVD

EPSS

0.2%

top 63.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl

Timeline

PublishedAug 8

Latest updateDec 29

Description

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openssl< openssl 0.9.8e-6 (bookworm)

▶Debianopenssl/openssl< 0.9.8e-6+3

▶NVDopenssl/openssl0.9.8e

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-p7c7-98j2-8p2x: The BN_from_montgomery function in crypto/bn/bn_mont↗2022-05-01

▶

OSV

CVE-2007-3108: The BN_from_montgomery function in crypto/bn/bn_mont↗2007-08-08

▶

📋Vendor Advisories

VMware

Updated service console patches.↗2008-01-07

▶

Ubuntu

openssl vulnerabilities↗2007-09-28

▶

Red Hat

openssl: RSA side-channel attack↗2007-08-01

▶

Debian

CVE-2007-3108: openssl - The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and ear...↗2007

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶

💬Community

Bugzilla

CVE-2007-3108 openssl RSA weakness↗2007-08-02

▶

Bugzilla

CVE-2007-3108 openssl various flaws [FC6]↗2007-08-02

▶

Bugzilla

CVE-2007-3108 openssl various flaws [F7]↗2007-08-02

▶

Bugzilla

CVE-2007-3108 openssl various flaws [Fdevel]↗2007-08-02

▶

Bugzilla

Placeholder for VU#724968 investigation↗2007-07-03

▶