Pierre-Alain Fouque

**Name of the Vulnerable Software and Affected Versions** PolarSSL versions prior to 1.3.0 PolarSSL versions prior to 1.2.9 **Description** The issue concerns multiple vulnerabilities in the PolarSSL package, which can lead to disruption of protected information availability. These vulnerabilities can be exploited remotely. Specifically, the RSA-CRT implementation in PolarSSL does not properly perform Montgomery multiplication, potentially allowing remote attackers to conduct a timing side-channel attack and retrieve RSA private keys. **Recommendations** For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. For PolarSSL versions prior to 1.2.9, update to version 1.2.9 or later to address the RSA-CRT implementation vulnerability. As a temporary workaround, consider restricting access to sensitive information handled by PolarSSL until a patch is applied.