CVE-2003-0147
EPSS 28.7%
Description
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
How to fix CVE-2003-0147
To remediate CVE-2003-0147, upgrade the affected package to a fixed version below.
- Debian/openssl—upgrade to 0.9.7b-1 or later
Is CVE-2003-0147 being exploited?
Moderate — EPSS is 28.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 0.9.7b-1