What is the severity of CVE-2005-1797?

CVE-2005-1797 has been classified as having a moderate severity level.

How do I fix CVE-2005-1797?

To fix CVE-2005-1797, you should upgrade to a patched version of OpenSSL that mitigates timing attacks.

What versions of OpenSSL are affected by CVE-2005-1797?

CVE-2005-1797 affects multiple versions of OpenSSL, including 0.9.1c through 0.9.7d.

What kind of attack does CVE-2005-1797 exploit?

CVE-2005-1797 exploits timing attacks specifically targeting the S-box lookups within AES implementations.

Is CVE-2005-1797 a local or remote vulnerability?

CVE-2005-1797 is a remote vulnerability that allows attackers to recover AES keys through network interactions.

Vulnerability/
CVE-2005-1797

medium

5.1

CWE

NVD-CWE-Other

26/5/2005

1/6/2005

7/8/2024

CVE-2005-1797

First published: Thu May 26 2005(Updated: )

The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
OpenSSL libcrypto	=0.9.7-beta3
OpenSSL libcrypto	=0.9.6i
OpenSSL libcrypto	=0.9.3
OpenSSL libcrypto	=0.9.7-beta2
OpenSSL libcrypto	=0.9.7c
OpenSSL libcrypto	=0.9.6d
OpenSSL libcrypto	=0.9.1c
OpenSSL libcrypto	=0.9.6
OpenSSL libcrypto	=0.9.6a
OpenSSL libcrypto	=0.9.4
OpenSSL libcrypto	=0.9.5a
OpenSSL libcrypto	=0.9.6f
OpenSSL libcrypto	=0.9.6l
OpenSSL libcrypto	=0.9.6e
OpenSSL libcrypto	=0.9.7d
OpenSSL libcrypto	=0.9.7
OpenSSL libcrypto	=0.9.6b
OpenSSL libcrypto	=0.9.7b
OpenSSL libcrypto	=0.9.6k
OpenSSL libcrypto	=0.9.6g
OpenSSL libcrypto	=0.9.6h
OpenSSL libcrypto	=0.9.7-beta1
OpenSSL libcrypto	=0.9.6j
OpenSSL libcrypto	=0.9.7a
OpenSSL libcrypto	=0.9.6c
OpenSSL libcrypto	=0.9.6m
OpenSSL libcrypto	=0.9.2b
OpenSSL libcrypto	=0.9.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-1797?
CVE-2005-1797 has been classified as having a moderate severity level.
How do I fix CVE-2005-1797?
To fix CVE-2005-1797, you should upgrade to a patched version of OpenSSL that mitigates timing attacks.
What versions of OpenSSL are affected by CVE-2005-1797?
CVE-2005-1797 affects multiple versions of OpenSSL, including 0.9.1c through 0.9.7d.
What kind of attack does CVE-2005-1797 exploit?
CVE-2005-1797 exploits timing attacks specifically targeting the S-box lookups within AES implementations.
Is CVE-2005-1797 a local or remote vulnerability?
CVE-2005-1797 is a remote vulnerability that allows attackers to recover AES keys through network interactions.

agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/event
agent/description
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/openssl
canonical/openssl libcrypto
version/openssl libcrypto/0.9.7-beta3
version/openssl libcrypto/0.9.6i
version/openssl libcrypto/0.9.3
version/openssl libcrypto/0.9.7-beta2
version/openssl libcrypto/0.9.7c
version/openssl libcrypto/0.9.6d
version/openssl libcrypto/0.9.1c
version/openssl libcrypto/0.9.6
version/openssl libcrypto/0.9.6a
version/openssl libcrypto/0.9.4
version/openssl libcrypto/0.9.5a
version/openssl libcrypto/0.9.6f
version/openssl libcrypto/0.9.6l
version/openssl libcrypto/0.9.6e
version/openssl libcrypto/0.9.7d
version/openssl libcrypto/0.9.7
version/openssl libcrypto/0.9.6b
version/openssl libcrypto/0.9.7b
version/openssl libcrypto/0.9.6k
version/openssl libcrypto/0.9.6g
version/openssl libcrypto/0.9.6h
version/openssl libcrypto/0.9.7-beta1
version/openssl libcrypto/0.9.6j
version/openssl libcrypto/0.9.7a
version/openssl libcrypto/0.9.6c
version/openssl libcrypto/0.9.6m
version/openssl libcrypto/0.9.2b
version/openssl libcrypto/0.9.5

Frequently Asked Questions

What is the severity of CVE-2005-1797?
CVE-2005-1797 has been classified as having a moderate severity level.
How do I fix CVE-2005-1797?
To fix CVE-2005-1797, you should upgrade to a patched version of OpenSSL that mitigates timing attacks.
What versions of OpenSSL are affected by CVE-2005-1797?
CVE-2005-1797 affects multiple versions of OpenSSL, including 0.9.1c through 0.9.7d.
What kind of attack does CVE-2005-1797 exploit?
CVE-2005-1797 exploits timing attacks specifically targeting the S-box lookups within AES implementations.
Is CVE-2005-1797 a local or remote vulnerability?
CVE-2005-1797 is a remote vulnerability that allows attackers to recover AES keys through network interactions.

CVE-2005-1797

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-1797?

How do I fix CVE-2005-1797?

What versions of OpenSSL are affected by CVE-2005-1797?

What kind of attack does CVE-2005-1797 exploit?

Is CVE-2005-1797 a local or remote vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2005-1797?

How do I fix CVE-2005-1797?

What versions of OpenSSL are affected by CVE-2005-1797?

What kind of attack does CVE-2005-1797 exploit?

Is CVE-2005-1797 a local or remote vulnerability?