Description
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
Remediation
References
Related Vulnerabilities
TYPO3 7PK - Security Features Vulnerability (CVE-2016-5091)
Oracle Database Server CVE-2015-4857 Vulnerability (CVE-2015-4857)
Jetty Other Vulnerability (CVE-2024-6763)
Sqlite Improper Initialization Vulnerability (CVE-2020-11655)
b2evolution Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3709)