DEBIAN-CVE-2003-0131

DEBIAN-CVE-2003-0131 PUBLISHED

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Affected Products

Vendor	Product	Versions
Debian:13	openssl	0, 0, 0
Debian:12	openssl	0, 0, 0
Debian:11	openssl	0, 0, 0
Debian:14	openssl	0, 0, 0

Timeline

Mar 24, 2003 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2003-0131 advisory

Open in Interactive Console →