Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2010-0928

Опубликовано: 05 мар. 2010
Источник: debian
EPSS Низкий

Описание

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

Примечания

  • http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf

  • https://github.com/openssl/openssl/discussions/24540

  • Fault injection based attacks are not within OpenSSLs threat model according

  • to the security policy: https://www.openssl.org/policies/general/security-policy.html

EPSS

Процентиль: 27%
0.00094
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2010-0928

ubuntu
почти 16 лет назад

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

redhat логотип

CVE-2010-0928

redhat
почти 16 лет назад

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

nvd логотип

CVE-2010-0928

nvd
почти 16 лет назад

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

github логотип

GHSA-h3c3-6h4v-h278

github
почти 4 года назад

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

EPSS

Процентиль: 27%
0.00094
Низкий