CVE-2010-0928

Published: Mar 05, 2010 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4 MEDIUM (AV:L/AC:H/Au:N/C:C/I:N/A:N)
RedHat/V2
RedHat/V3
Ubuntu: NEGLIGIBLE

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a fault-based attack.
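
The check the description says is missing, verifying a signature before it reaches the caller, is shown below as an added example; it is not OpenSSL's code and not part of this entry. A toy 4-bit fixed-window exponentiation stands in for FWE, and the key, the function names and the single-bit `fault_window` error are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed textbook-sized RSA key (n = 61 * 53); illustration only. */
#define TOY_N 3233u
#define TOY_E 17u
#define TOY_D 2753u

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t n) {
    return (uint32_t)(((uint64_t)a * b) % n);
}

/* 4-bit fixed-window modular exponentiation (assumed stand-in for FWE).
 * If fault_window is 0..7, one bit of the accumulator is flipped after that
 * window is processed: a constructed model of a transient computation error.
 * Pass -1 for a fault-free run. */
static uint32_t fwe_modexp(uint32_t base, uint32_t exp, uint32_t n, int fault_window) {
    uint32_t table[16], acc = 1 % n;
    table[0] = acc;
    for (int i = 1; i < 16; i++) table[i] = mulmod(table[i - 1], base % n, n);
    for (int w = 7; w >= 0; w--) {
        for (int s = 0; s < 4; s++) acc = mulmod(acc, acc, n);
        acc = mulmod(acc, table[(exp >> (4 * w)) & 0xF], n);
        if (w == fault_window) acc ^= 1u;
    }
    return acc;
}

/* Behaviour the entry describes: the result goes to the caller unverified. */
uint32_t sign_unchecked(uint32_t m, int fault_window) {
    return fwe_modexp(m, TOY_D, TOY_N, fault_window);
}

/* Hardened form: recompute m from the signature with the public exponent and
 * release the signature only on a match. Returns 0 on success, -1 otherwise;
 * *sig is left untouched on failure. */
int sign_checked(uint32_t m, int fault_window, uint32_t *sig) {
    uint32_t s = fwe_modexp(m, TOY_D, TOY_N, fault_window);
    if (fwe_modexp(s, TOY_E, TOY_N, -1) != m % TOY_N) return -1;
    *sig = s;
    return 0;
}

int main(void) {
    uint32_t sig = 0;
    int rc = sign_checked(2790, 0, &sig);   /* faulted run is withheld */
    printf("faulted: unchecked=%u checked rc=%d\n", (unsigned)sign_unchecked(2790, 0), rc);
    return 0;
}
```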

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openssl | Openssl | 0.9.8i (including) | 0.9.8i (including) |
| Openssl | Ubuntu | dapper | * |
| Openssl | Ubuntu | devel | * |
| Openssl | Ubuntu | hardy | * |
| Openssl | Ubuntu | intrepid | * |
| Openssl | Ubuntu | jaunty | * |
| Openssl | Ubuntu | karmic | * |
| Openssl | Ubuntu | lucid | * |
| Openssl | Ubuntu | upstream | * |