CVE-2013-5915
First published: Fri Oct 04 2013(Updated: )
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PolarSSL | <=1.2.8 | |
| PolarSSL | =0.10.0 | |
| PolarSSL | =0.10.1 | |
| PolarSSL | =0.11.0 | |
| PolarSSL | =0.11.1 | |
| PolarSSL | =0.12.0 | |
| PolarSSL | =0.12.1 | |
| PolarSSL | =0.13.1 | |
| PolarSSL | =0.14.0 | |
| PolarSSL | =0.14.2 | |
| PolarSSL | =0.14.3 | |
| PolarSSL | =0.99-pre1 | |
| PolarSSL | =0.99-pre3 | |
| PolarSSL | =0.99-pre4 | |
| PolarSSL | =0.99-pre5 | |
| PolarSSL | =1.0.0 | |
| PolarSSL | =1.1.0 | |
| PolarSSL | =1.1.0-rc0 | |
| PolarSSL | =1.1.0-rc1 | |
| PolarSSL | =1.1.1 | |
| PolarSSL | =1.1.2 | |
| PolarSSL | =1.1.3 | |
| PolarSSL | =1.1.4 | |
| PolarSSL | =1.1.5 | |
| PolarSSL | =1.1.6 | |
| PolarSSL | =1.1.8 | |
| PolarSSL | =1.2.0 | |
| PolarSSL | =1.2.1 | |
| PolarSSL | =1.2.2 | |
| PolarSSL | =1.2.3 | |
| PolarSSL | =1.2.4 | |
| PolarSSL | =1.2.5 | |
| PolarSSL | =1.2.6 | |
| PolarSSL | =1.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html
- http://osvdb.org/98049
- http://secunia.com/advisories/55084
- http://www.debian.org/security/2013/dsa-2782
- http://www.securityfocus.com/bid/62771
- https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
Frequently Asked Questions
What is the severity of CVE-2013-5915?
CVE-2013-5915 is classified as a medium severity vulnerability due to potential exposure of RSA private keys via timing side-channel attacks.
How do I fix CVE-2013-5915?
To fix CVE-2013-5915, upgrade PolarSSL to version 1.2.9 or later, which contains the necessary security patches.
What versions of PolarSSL are affected by CVE-2013-5915?
CVE-2013-5915 affects PolarSSL versions prior to 1.2.9, including versions 0.10.0 through 1.2.8.
What types of attacks can exploit CVE-2013-5915?
CVE-2013-5915 can be exploited through remote timing side-channel attacks that may lead to the exposure of private RSA keys.
Is CVE-2013-5915 related to any specific cryptographic operations?
CVE-2013-5915 specifically involves vulnerabilities in the RSA-CRT implementation and Montgomery multiplication of PolarSSL.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/polarssl
- canonical/polarssl
- version/polarssl/1.2.8
- version/polarssl/0.10.0
- version/polarssl/0.10.1
- version/polarssl/0.11.0
- version/polarssl/0.11.1
- version/polarssl/0.12.0
- version/polarssl/0.12.1
- version/polarssl/0.13.1
- version/polarssl/0.14.0
- version/polarssl/0.14.2
- version/polarssl/0.14.3
- version/polarssl/0.99-pre1
- version/polarssl/0.99-pre3
- version/polarssl/0.99-pre4
- version/polarssl/0.99-pre5
- version/polarssl/1.0.0
- version/polarssl/1.1.0
- version/polarssl/1.1.0-rc0
- version/polarssl/1.1.0-rc1
- version/polarssl/1.1.1
- version/polarssl/1.1.2
- version/polarssl/1.1.3
- version/polarssl/1.1.4
- version/polarssl/1.1.5
- version/polarssl/1.1.6
- version/polarssl/1.1.8
- version/polarssl/1.2.0
- version/polarssl/1.2.1
- version/polarssl/1.2.2
- version/polarssl/1.2.3
- version/polarssl/1.2.4
- version/polarssl/1.2.5
- version/polarssl/1.2.6
- version/polarssl/1.2.7