PT-2013-1216 · Openssl · Polarssl
Cyril Arnaud +1 · Published 2013-10-04 · Updated 2013-11-30 · CVE-2013-5915
CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
PolarSSL versions prior to 1.3.0
PolarSSL versions prior to 1.2.9
Description
The issue concerns multiple vulnerabilities in the PolarSSL package that can disrupt the availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the RSA-CRT implementation in PolarSSL does not properly perform Montgomery multiplication, which may allow remote attackers to conduct a timing side-channel attack and recover RSA private keys.
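The description does not say which step of the Montgomery multiplication is at fault. As an added illustration (not PolarSSL's code and not taken from this advisory), the single-word C example below shows one well-known way a Montgomery multiplication becomes timing-dependent, a final subtraction that only runs for some operands, beside a branch-free form. The function names and the modulus 2^31 - 1 are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* -n^{-1} mod 2^32 for odd n (Newton iteration; each step doubles the correct bits). */
static uint32_t mont_ninv(uint32_t n) {
    uint32_t x = n;                  /* n*n == 1 mod 8, so 3 bits are correct */
    for (int i = 0; i < 4; i++)
        x *= 2u - n * x;
    return 0u - x;
}

/* Shared core: returns u = (a*b + m*n) / 2^32, with 0 <= u < 2n.
 * Requires a, b < n, n odd and n < 2^31 so the 64-bit sum cannot overflow. */
static uint64_t mont_core(uint32_t a, uint32_t b, uint32_t n, uint32_t ninv) {
    uint64_t t = (uint64_t)a * b;
    uint32_t m = (uint32_t)t * ninv;
    return (t + (uint64_t)m * n) >> 32;
}

/* Leaky variant: the final subtraction only runs when u >= n.
 * *extra records whether it ran, which is what a timing observer learns. */
uint32_t mont_mul_leaky(uint32_t a, uint32_t b, uint32_t n, int *extra) {
    uint64_t u = mont_core(a, b, n, mont_ninv(n));
    *extra = (u >= n);
    if (u >= n)
        u -= n;
    return (uint32_t)u;
}

/* Hardened variant: always subtract, then select with a mask (no operand-dependent branch). */
uint32_t mont_mul_ct(uint32_t a, uint32_t b, uint32_t n) {
    uint64_t u = mont_core(a, b, n, mont_ninv(n));
    uint64_t d = u - n;                       /* wraps (top bit set) when u < n */
    uint64_t keep_u = (uint64_t)0 - (d >> 63); /* all ones if u < n, else zero */
    return (uint32_t)((u & keep_u) | (d & ~keep_u));
}

int main(void) {
    const uint32_t n = 2147483647u;           /* constructed modulus: 2^31 - 1 */
    int e1, e2;
    uint32_t r1 = mont_mul_leaky(1, 1, n, &e1);
    uint32_t r2 = mont_mul_leaky(n - 1, n - 2, n, &e2);
    printf("leaky: %u extra=%d | %u extra=%d\n", r1, e1, r2, e2);
    printf("ct:    %u | %u\n", mont_mul_ct(1, 1, n), mont_mul_ct(n - 1, n - 2, n));
    return 0;
}
```

Both variants return the same values; only the leaky one does a different amount of work depending on the operands, which is the property a timing side channel measures.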
Recommendations
For PolarSSL versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue.
For PolarSSL versions prior to 1.2.9, update to version 1.2.9 or later to address the RSA-CRT implementation vulnerability.
As a temporary workaround, consider restricting access to sensitive information handled by PolarSSL until a patch is applied.
Affected Products
Polarssl