OpenSSL Information for VU#997481
Cryptographic libraries and applications do not adequately defend against timing attacks
- Vendor Information Help Date Notified: 11 Feb 2003
- Statement Date:
- Date Updated: 15 Apr 2003
A patch to fix the problem, which affects all versions of OpenSSL up to and including 0.9.6i and 0.9.7a, has already been released (http://www.openssl.org/news/secadv_20030317.txt). Versions 0.9.6j and 0.9.7b will be released shortly.
The vendor has not provided us with any further information regarding this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us email.