The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Polarssl | Polarssl | * | 1.2.8 (including) |
| Polarssl | Polarssl | 0.10.0 (including) | 0.10.0 (including) |
| Polarssl | Polarssl | 0.10.1 (including) | 0.10.1 (including) |
| Polarssl | Polarssl | 0.11.0 (including) | 0.11.0 (including) |
| Polarssl | Polarssl | 0.11.1 (including) | 0.11.1 (including) |
| Polarssl | Polarssl | 0.12.0 (including) | 0.12.0 (including) |
| Polarssl | Polarssl | 0.12.1 (including) | 0.12.1 (including) |
| Polarssl | Polarssl | 0.13.1 (including) | 0.13.1 (including) |
| Polarssl | Polarssl | 0.14.0 (including) | 0.14.0 (including) |
| Polarssl | Polarssl | 0.14.2 (including) | 0.14.2 (including) |
| Polarssl | Polarssl | 0.14.3 (including) | 0.14.3 (including) |
| Polarssl | Polarssl | 0.99-pre1 (including) | 0.99-pre1 (including) |
| Polarssl | Polarssl | 0.99-pre3 (including) | 0.99-pre3 (including) |
| Polarssl | Polarssl | 0.99-pre4 (including) | 0.99-pre4 (including) |
| Polarssl | Polarssl | 0.99-pre5 (including) | 0.99-pre5 (including) |
| Polarssl | Polarssl | 1.0.0 (including) | 1.0.0 (including) |
| Polarssl | Polarssl | 1.1.0 (including) | 1.1.0 (including) |
| Polarssl | Polarssl | 1.1.0-rc0 (including) | 1.1.0-rc0 (including) |
| Polarssl | Polarssl | 1.1.0-rc1 (including) | 1.1.0-rc1 (including) |
| Polarssl | Polarssl | 1.1.1 (including) | 1.1.1 (including) |
| Polarssl | Polarssl | 1.1.2 (including) | 1.1.2 (including) |
| Polarssl | Polarssl | 1.1.3 (including) | 1.1.3 (including) |
| Polarssl | Polarssl | 1.1.4 (including) | 1.1.4 (including) |
| Polarssl | Polarssl | 1.1.5 (including) | 1.1.5 (including) |
| Polarssl | Polarssl | 1.1.6 (including) | 1.1.6 (including) |
| Polarssl | Polarssl | 1.1.8 (including) | 1.1.8 (including) |
| Polarssl | Polarssl | 1.2.0 (including) | 1.2.0 (including) |
| Polarssl | Polarssl | 1.2.1 (including) | 1.2.1 (including) |
| Polarssl | Polarssl | 1.2.2 (including) | 1.2.2 (including) |
| Polarssl | Polarssl | 1.2.3 (including) | 1.2.3 (including) |
| Polarssl | Polarssl | 1.2.4 (including) | 1.2.4 (including) |
| Polarssl | Polarssl | 1.2.5 (including) | 1.2.5 (including) |
| Polarssl | Polarssl | 1.2.6 (including) | 1.2.6 (including) |
| Polarssl | Polarssl | 1.2.7 (including) | 1.2.7 (including) |
| Mbedtls | Ubuntu | upstream | * |
| Polarssl | Ubuntu | lucid | * |
| Polarssl | Ubuntu | precise | * |
| Polarssl | Ubuntu | quantal | * |
| Polarssl | Ubuntu | raring | * |
| Polarssl | Ubuntu | saucy | * |
| Polarssl | Ubuntu | upstream | * |