
Ondřej Pokorný

#34530 of 53,635
7.5 Total CVSS
Vulnerabilities · 1
PT-2003-1110
7.5
2003-03-21
Openssl · Openssl · CVE-2003-0131
**Name of the Vulnerable Software and Affected Versions**

OpenSSL versions 0.9.5a through 0.9.6i

OpenSSL versions 0.9.7 and 0.9.7a

**Description**

The issue affects the SSL and TLS components of OpenSSL, allowing remote attackers to perform unauthorized RSA private key operations via a modified Bleichenbacher attack. This attack, also known as the Klima-Pokorny-Rosa attack, uses a large number of SSL or TLS connections with PKCS #1 v1.5 padding to cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext. The exploitation of these vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information.

**Recommendations**

For OpenSSL versions 0.9.5a through 0.9.6i, update to a version later than 0.9.6i to resolve the issue.

For OpenSSL versions 0.9.7 and 0.9.7a, update to a version later than 0.9.7a to resolve the issue.

As a temporary workaround, consider restricting access to the SSL and TLS components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.