VDB

GCVE-110-CERTCC-2017-307015

GCVE-110-CERTCC-2017-307015
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published October 16, 2017
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as "ROCA" in the media.

Risk Scores

CVSS 2.0
8.8/10
High · AV:N/AC:M/Au:N/C:C/I:C/A:N
certcc-cam
certcc-cam
impact0population0exploitation0widely_known0score_current0ease_of_exploitation0
certcc-vrda
certcc-vrda
d1_direct_report1
certcc-cvss-temporal-env
certcc-cvss-temporal-env
temporal_score6.9remediation_levelOFreport_confidenceCenvironmental_score6.8687510697792target_distributionNDenvironmental_vectorCDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›