Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2013-5915

The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.

  • Published: Oct 4, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-5915
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
polarssl / polarssl 1.2.4 1.2.4.x
polarssl / polarssl 0.14.2 0.14.2.x
polarssl / polarssl 1.2.6 1.2.6.x
polarssl / polarssl 0.11.0 0.11.0.x
polarssl / polarssl 1.0.0 1.0.0.x
polarssl / polarssl 0.13.1 0.13.1.x
polarssl / polarssl 1.1.3 1.1.3.x
polarssl / polarssl 0.12.1 0.12.1.x
polarssl / polarssl 0.99-pre3 0.99-pre3.x
polarssl / polarssl 0.99-pre5 0.99-pre5.x
polarssl / polarssl 0.11.1 0.11.1.x
polarssl / polarssl 1.1.4 1.1.4.x
polarssl / polarssl 1.2.2 1.2.2.x
polarssl / polarssl 1.1.8 1.1.8.x
polarssl / polarssl 0.14.0 0.14.0.x
polarssl / polarssl 1.1.6 1.1.6.x
polarssl / polarssl 1.2.3 1.2.3.x
polarssl / polarssl 1.1.1 1.1.1.x
polarssl / polarssl 0.99-pre1 0.99-pre1.x
polarssl / polarssl 1.2.0 1.2.0.x
polarssl / polarssl 1.2.1 1.2.1.x
polarssl / polarssl - 1.2.8.x
polarssl / polarssl 1.1.2 1.1.2.x
polarssl / polarssl 0.14.3 0.14.3.x
polarssl / polarssl 1.2.7 1.2.7.x
polarssl / polarssl 1.2.5 1.2.5.x
polarssl / polarssl 1.1.0-rc1 1.1.0-rc1.x
polarssl / polarssl 1.1.5 1.1.5.x
polarssl / polarssl 1.1.0-rc0 1.1.0-rc0.x
polarssl / polarssl 1.1.0 1.1.0.x
polarssl / polarssl 0.10.1 0.10.1.x
polarssl / polarssl 0.99-pre4 0.99-pre4.x
polarssl / polarssl 0.12.0 0.12.0.x
polarssl / polarssl 0.10.0 0.10.0.x