Vulnerability DatabaseCVE-2003-0147
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2003-0147
Published:March 18, 2003
Updated:April 26, 2026
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Affected Packages
https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) >=OpenSSL_0_9_6a <OpenSSL_0_9_6j
Fix Suggestion:
Update to version OpenSSL_0_9_6j
https://github.com/openssl/openssl.git (GITHUB):
Affected version(s) =OpenSSL_0_9_7a <OpenSSL_0_9_7b
Fix Suggestion:
Update to version OpenSSL_0_9_7b
Related ResourcesĀ (22)
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
http://marc.info/?l=bugtraq&m=104766550528628&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
https://people.canonical.com/~ubuntu-security/cve/CVE-2003-0147
http://marc.info/?l=bugtraq&m=104829040921835&w=2
http://marc.info/?l=bugtraq&m=104861762028637&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
http://www.kb.cert.org/vuls/id/997481
http://www.openssl.org/news/secadv_20030317.txt
http://www.redhat.com/support/errata/RHSA-2003-102.html
http://marc.info/?l=bugtraq&m=104792570615648&w=2
http://www.debian.org/security/2003/dsa-288
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
http://marc.info/?l=bugtraq&m=104819602408063&w=2
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
EPSS
Base Score:
28.74