Description
crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.
Remediation
References