OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
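
The missing check named in the description, verifying a signature before it is handed to the caller, shown as an added example (not OpenSSL code and not part of this advisory). The toy key, `fwe_pow`, its `fault_at` test hook and `FaultySignature` are assumptions made for illustration, and textbook RSA without padding is used for brevity.

```python
"""Verify-before-release for RSA signing (toy key, textbook RSA, no padding)."""

# Constructed toy key from two Mersenne primes: far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

WINDOW = 4  # fixed window width in bits


def fwe_pow(base, exp, mod, fault_at=None):
    """Fixed-width window exponentiation, most significant window first.

    fault_at (hypothetical test hook) flips one bit of the accumulator after
    that window step, standing in for a transient hardware computation error.
    """
    table = [1] * (1 << WINDOW)
    for i in range(1, 1 << WINDOW):
        table[i] = table[i - 1] * base % mod
    nwin = (exp.bit_length() + WINDOW - 1) // WINDOW
    acc = 1
    for step in range(nwin):
        for _ in range(WINDOW):
            acc = acc * acc % mod
        shift = (nwin - 1 - step) * WINDOW
        acc = acc * table[(exp >> shift) & ((1 << WINDOW) - 1)] % mod
        if step == fault_at:
            acc ^= 1 << 7  # simulated single-bit corruption
    return acc


class FaultySignature(Exception):
    """Raised when a freshly computed signature does not verify."""


def sign_unchecked(m, fault_at=None):
    # Behaviour described in the advisory: the result is returned as computed.
    return fwe_pow(m, D, N, fault_at)


def sign_checked(m, fault_at=None):
    # Mitigation: one public-key operation before release, so a faulty
    # signature is discarded instead of reaching the caller.
    s = fwe_pow(m, D, N, fault_at)
    if pow(s, E, N) != m % N:
        raise FaultySignature("signature failed self-verification; not released")
    return s
```

The extra verification costs one exponentiation with the small public exponent, which is cheap next to the private-key operation it protects.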
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/openssl | deb | debian | 12 | >=3.0.11-1~deb12u2 | Not yet available |
debian/openssl | deb | debian | 10 | >=1.1.1n-0+deb10u3 | Not yet available |
debian/openssl | deb | debian | 11 | >=1.1.1w-0+deb11u1 | Not yet available |
debian/openssl | deb | debian | unstable | >=3.2.1-3 | Not yet available |
debian/openssl | deb | debian | 13 | >=3.2.1-3 | Not yet available |
Severity and metrics
No CVSS data available from this source.
1.9