Vulnerability details: VCID-4ud7-ga8p-aaaj
Vulnerability ID VCID-4ud7-ga8p-aaaj
Aliases CVE-2007-3108
Summary The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0813
rhas Important https://access.redhat.com/errata/RHSA-2007:0964
rhas Moderate https://access.redhat.com/errata/RHSA-2007:1003
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2007-3108
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2007-3108
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2007-3108
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2007-3108
epss 0.00391 https://api.first.org/data/v1/epss?cve=CVE-2007-3108
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=245732
cvssv2 1.2 https://nvd.nist.gov/vuln/detail/CVE-2007-3108
Reference id Reference type URL
http://cvs.openssl.org/chngview?cn=16275
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://openssl.org/news/patch-CVE-2007-3108.txt
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3108.json
https://api.first.org/data/v1/epss?cve=CVE-2007-3108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://secunia.com/advisories/26411
http://secunia.com/advisories/26893
http://secunia.com/advisories/27021
http://secunia.com/advisories/27078
http://secunia.com/advisories/27097
http://secunia.com/advisories/27205
http://secunia.com/advisories/27330
http://secunia.com/advisories/27770
http://secunia.com/advisories/27870
http://secunia.com/advisories/28368
http://secunia.com/advisories/30161
http://secunia.com/advisories/30220
http://secunia.com/advisories/31467
http://secunia.com/advisories/31489
http://secunia.com/advisories/31531
http://security.gentoo.org/glsa/glsa-200710-06.xml
https://issues.rpath.com/browse/RPL-1613
https://issues.rpath.com/browse/RPL-1633
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
https://usn.ubuntu.com/522-1/
http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability
http://www.debian.org/security/2008/dsa-1571
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.kb.cert.org/vuls/id/724968
http://www.kb.cert.org/vuls/id/RGII-74KLP3
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193
http://www.redhat.com/support/errata/RHSA-2007-0813.html
http://www.redhat.com/support/errata/RHSA-2007-0964.html
http://www.redhat.com/support/errata/RHSA-2007-1003.html
http://www.securityfocus.com/archive/1/476341/100/0/threaded
http://www.securityfocus.com/archive/1/485936/100/0/threaded
http://www.securityfocus.com/archive/1/486859/100/0/threaded
http://www.securityfocus.com/bid/25163
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://www.vupen.com/english/advisories/2007/2759
http://www.vupen.com/english/advisories/2007/4010
http://www.vupen.com/english/advisories/2008/0064
http://www.vupen.com/english/advisories/2008/2361
http://www.vupen.com/english/advisories/2008/2362
http://www.vupen.com/english/advisories/2008/2396
245732 https://bugzilla.redhat.com/show_bug.cgi?id=245732
438142 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438142
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
CVE-2007-3108 https://nvd.nist.gov/vuln/detail/CVE-2007-3108
GLSA-200710-06 https://security.gentoo.org/glsa/200710-06
GLSA-201412-11 https://security.gentoo.org/glsa/201412-11
RHSA-2007:0813 https://access.redhat.com/errata/RHSA-2007:0813
RHSA-2007:0964 https://access.redhat.com/errata/RHSA-2007:0964
RHSA-2007:1003 https://access.redhat.com/errata/RHSA-2007:1003
No exploits are available.
Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-3108
Access Vector (AV) local
Access Complexity (AC) high
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) none
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.18175
EPSS Score 0.00046
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.