{"id":"CVE-2010-0928","details":"OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"","modified":"2024-06-04T04:54:51.642971Z","published":"2010-03-05T19:30:00Z","withdrawn":"2024-06-05T12:44:47.682578Z","references":[{"type":"WEB","url":"http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/"},{"type":"WEB","url":"http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf"},{"type":"WEB","url":"http://www.networkworld.com/news/2010/030410-rsa-security-attack.html"},{"type":"WEB","url":"http://www.osvdb.org/62808"},{"type":"WEB","url":"http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/56750"}],"affected":[{"package":{"name":"openssl","ecosystem":"Debian:10","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.1c-1","1.1.1d-0+deb10u1","1.1.1d-0+deb10u2","1.1.1d-0+deb10u3","1.1.1d-0+deb10u4","1.1.1d-0+deb10u5","1.1.1d-0+deb10u6","1.1.1d-0+deb10u7","1.1.1d-0+deb10u8","1.1.1d-1","1.1.1d-2","1.1.1e-1","1.1.1f-1","1.1.1g-1","1.1.1h-1","1.1.1i-1","1.1.1i-2","1.1.1i-3","1.1.1j-1","1.1.1k-1","1.1.1l-1","1.1.1m-1","1.1.1n-0+deb10u1","1.1.1n-0+deb10u2","1.1.1n-0+deb10u3","1.1.1n-0+deb10u4","1.1.1n-0+deb10u5","1.1.1n-0+deb10u6","1.1.1n-1","1.1.1o-1","1.1.1v-0~deb11u1","1.1.1w-0~deb11u1","3.0.0-1","3.0.0~~alpha1-1","3.0.0~~alpha13-1","3.0.0~~alpha13-2","3.0.0~~alpha15-1","3.0.0~~alpha16-1","3.0.0~~alpha3-1","3.0.0~~alpha4-1","3.0.0~~beta1-1","3.0.0~~beta2-1","3.0.1-1","3.0.10-1","3.0.10-1~deb12u1","3.0.11-1","3.0.11-1~deb12u1","3.0.11-1~deb12u2","3.0.12-1","3.0.12-2","3.0.13-1~deb12u1","3.0.2-1","3.0.3-1","3.0.3-2","3.0.3-2+ia64","3.0.3-3","3.0.3-4","3.0.3-5","3.0.3-6","3.0.3-7","3.0.3-8","3.0.4-1","3.0.4-2","3.0.5-1","3.0.5-2","3.0.5-3","3.0.5-4","3.0.7-1","3.0.7-2","3.0.8-1","3.0.9-1","3.1.0-1","3.1.1-1","3.1.2-1","3.1.3-1","3.1.4-1","3.1.4-2","3.1.5-1","3.1.5-1.1","3.2.0-1","3.2.0-2","3.2.1-1","3.2.1-1.1~exp1","3.2.1-2","3.2.1-3","3.3.0-1","3.3.0~beta1-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-0928.json"}},{"package":{"name":"openssl","ecosystem":"Debian:11","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.1k-1","1.1.1k-1+deb11u1","1.1.1k-1+deb11u2","1.1.1l-1","1.1.1m-0+deb11u1","1.1.1m-1","1.1.1n-0+deb11u1","1.1.1n-0+deb11u2","1.1.1n-0+deb11u3","1.1.1n-0+deb11u4","1.1.1n-0+deb11u5","1.1.1n-1","1.1.1o-1","1.1.1v-0~deb11u1","1.1.1w-0+deb11u1","1.1.1w-0~deb11u1","3.0.0-1","3.0.0~~alpha1-1","3.0.0~~alpha13-1","3.0.0~~alpha13-2","3.0.0~~alpha15-1","3.0.0~~alpha16-1","3.0.0~~alpha3-1","3.0.0~~alpha4-1","3.0.0~~beta1-1","3.0.0~~beta2-1","3.0.1-1","3.0.10-1","3.0.10-1~deb12u1","3.0.11-1","3.0.11-1~deb12u1","3.0.11-1~deb12u2","3.0.12-1","3.0.12-2","3.0.13-1~deb12u1","3.0.2-1","3.0.3-1","3.0.3-2","3.0.3-2+ia64","3.0.3-3","3.0.3-4","3.0.3-5","3.0.3-6","3.0.3-7","3.0.3-8","3.0.4-1","3.0.4-2","3.0.5-1","3.0.5-2","3.0.5-3","3.0.5-4","3.0.7-1","3.0.7-2","3.0.8-1","3.0.9-1","3.1.0-1","3.1.1-1","3.1.2-1","3.1.3-1","3.1.4-1","3.1.4-2","3.1.5-1","3.1.5-1.1","3.2.0-1","3.2.0-2","3.2.1-1","3.2.1-1.1~exp1","3.2.1-2","3.2.1-3","3.3.0-1","3.3.0~beta1-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-0928.json"}},{"package":{"name":"openssl","ecosystem":"Debian:12","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.10-1","3.0.10-1~deb12u1","3.0.11-1","3.0.11-1~deb12u1","3.0.11-1~deb12u2","3.0.12-1","3.0.12-2","3.0.13-1~deb12u1","3.0.9-1","3.1.0-1","3.1.1-1","3.1.2-1","3.1.3-1","3.1.4-1","3.1.4-2","3.1.5-1","3.1.5-1.1","3.2.0-1","3.2.0-2","3.2.1-1","3.2.1-1.1~exp1","3.2.1-2","3.2.1-3","3.3.0-1","3.3.0~beta1-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-0928.json"}},{"package":{"name":"openssl","ecosystem":"Debian:13","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.0.10-1","3.0.10-1~deb12u1","3.0.11-1","3.0.11-1~deb12u1","3.0.11-1~deb12u2","3.0.12-1","3.0.12-2","3.0.13-1~deb12u1","3.0.9-1","3.1.0-1","3.1.1-1","3.1.2-1","3.1.3-1","3.1.4-1","3.1.4-2","3.1.5-1","3.1.5-1.1","3.2.0-1","3.2.0-2","3.2.1-1","3.2.1-1.1~exp1","3.2.1-2","3.2.1-3","3.3.0-1","3.3.0~beta1-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-0928.json"}}],"schema_version":"1.7.3"}