VDB
CVE-2003-0078
CVE-2003-0078
PUBLISHED
CVSS 5 MEDIUM
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
EPSS 13.07% · 94.2th percentile
Risk Scores
CVSS v2.0
5
EPSS Score
13.07%
94.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openbsd | openbsd | 3.2, 3.1 |
| n/a | n/a | * |
| freebsd | freebsd | 4.3, 4.4, 4.5 |
| openssl | openssl | 0.9.7, 0.9.7, 0.9.7 |
Timeline
- Mar 3, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
- Oct 28, 2023 EPSS Score
- Feb 10, 2024 EPSS Score
References
- 20030501-01-I vendor-advisory
- 3945 vdb
- ssl-cbc-information-leak(11369) vdb
- http://www.openssl.org/news/secadv_20030219.txt url
- 2003-0005 vendor-advisory
- DSA-253 vendor-advisory
- RHSA-2003:205 vendor-advisory
- ESA-20030220-005 vendor-advisory
- N-051 third-party-advisory
- 20030219 OpenSSL 0.9.7a and 0.9.6i released mailing-list
- RHSA-2003:104 vendor-advisory
- 6884 vdb
- NetBSD-SA2003-001 vendor-advisory
- MDKSA-2003:020 vendor-advisory
- CLSA-2003:570 vendor-advisory
- 20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl) mailing-list
- GLSA-200302-10 vendor-advisory
- RHSA-2003:082 vendor-advisory
- RHSA-2003:063 vendor-advisory
- RHSA-2003:062 vendor-advisory
…and 1 more