CVE-2007-3108
openssl - predictable random number generator
EPSS 0.15%
Description
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
How to fix CVE-2007-3108
To remediate CVE-2007-3108, upgrade the affected package to one of the fixed versions listed below.
- Debian/openssl—upgrade to 0.9.8e-6 or later
- Debian/openssl—upgrade to 0.9.8c-4etch3 or later
Is CVE-2007-3108 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/openssl: from 0, < 0.9.8e-6
- Debian/openssl: from 0, < 0.9.8c-4etch3