VDB
GCVE-110-CERTCC-2017-307015
GCVE-110-CERTCC-2017-307015
Advisory PublishedCVSS 8.8/10
The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as "ROCA" in the media.
Risk Scores
CVSS 2.0
8.8/10
High · AV:N/AC:M/Au:N/C:C/I:C/A:N
certcc-cam
certcc-cam
impact0population0exploitation0widely_known0score_current0ease_of_exploitation0
certcc-vrda
certcc-vrda
d1_direct_report1
certcc-cvss-temporal-env
certcc-cvss-temporal-env
temporal_score6.9remediation_levelOFreport_confidenceCenvironmental_score6.8687510697792target_distributionNDenvironmental_vectorCDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
Aliases
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.