OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Max CVSS
5.0
EPSS Score
1.22%
Published
2003-03-31
Updated
2018-10-19
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.
Max CVSS
1.2
EPSS Score
0.06%
Published
2003-05-12
Updated
2016-10-18
2 vulnerabilities found