{"api_version":"1","generated_at":"2026-04-22T23:29:20+00:00","cve":"CVE-2007-3108","urls":{"html":"https://cve.report/CVE-2007-3108","api":"https://cve.report/api/cve/CVE-2007-3108.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-3108","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-3108"},"summary":{"title":"CVE-2007-3108","description":"The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2007-08-08 01:17:00","updated_at":"2018-10-16 16:47:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.vupen.com/english/advisories/2008/2361","name":"ADV-2008-2361","refsource":"VUPEN","tags":[],"title":"VUPEN Security - Offensive Cyber Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26411","name":"26411","refsource":"SECUNIA","tags":[],"title":"rPath update for openssl - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31489","name":"31489","refsource":"SECUNIA","tags":[],"title":"VMware ESXi OpenSSL Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/522-1/","name":"USN-522-1","refsource":"UBUNTU","tags":[],"title":"USN-522-1: openssl vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0813.html","name":"RHSA-2007:0813","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/724968","name":"VU#724968","refsource":"CERT-VN","tags":["US Government Resource"],"title":"VU#724968 - RSA key reconstruction vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0001.html","name":"http://www.vmware.com/security/advisories/VMSA-2008-0001.html","refsource":"CONFIRM","tags":[],"title":"VMSA-2008-0001.1 - VMware","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28368","name":"28368","refsource":"SECUNIA","tags":[],"title":"VMware ESX Server Multiple Security Updates - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/485936/100/0/threaded","name":"20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:193","name":"MDKSA-2007:193","refsource":"MANDRIVA","tags":[],"title":"Security Advisories | Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1571","name":"DSA-1571","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1571-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26893","name":"26893","refsource":"SECUNIA","tags":[],"title":"rPath update for openssl - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0013.html","name":"http://www.vmware.com/security/advisories/VMSA-2008-0013.html","refsource":"CONFIRM","tags":[],"title":"VMSA-2008-0013.3 - VMware","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984","name":"oval:org.mitre.oval:def:9984","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.vmware.com/pipermail/security-announce/2008/000002.html","name":"[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages","refsource":"MLIST","tags":[],"title":"[Security-announce] VMSA-2008-0001 Moderate OpenPegasus PAM\n Authentication Buffer Overflow and updated service console packages","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-1633","name":"https://issues.rpath.com/browse/RPL-1633","refsource":"CONFIRM","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.vupen.com/english/advisories/2008/2396","name":"ADV-2008-2396","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4010","name":"ADV-2007-4010","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27078","name":"27078","refsource":"SECUNIA","tags":[],"title":"Mandriva update for openssl - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm","name":"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm","refsource":"CONFIRM","tags":[],"title":"ASA-2007-485 (RHSA-2007-0813)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-1613","name":"https://issues.rpath.com/browse/RPL-1613","refsource":"CONFIRM","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.securityfocus.com/archive/1/476341/100/0/threaded","name":"20070813 FLEA-2007-0043-1 openssl","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability","name":"http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability","refsource":"CONFIRM","tags":[],"title":"OpenSSL RSA key reconstruction vulnerability (CVE-2007-3108, VU#724968) | Blue Coat Systems, Inc.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml","name":"GLSA-200805-07","refsource":"GENTOO","tags":[],"title":"Linux Terminal Server Project: Multiple vulnerabilities — Gentoo Linux Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.attachmate.com/techdocs/2374.html","name":"http://support.attachmate.com/techdocs/2374.html","refsource":"CONFIRM","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/2362","name":"ADV-2008-2362","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27205","name":"27205","refsource":"SECUNIA","tags":[],"title":"Red Hat update for openssl - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0064","name":"ADV-2008-0064","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27770","name":"27770","refsource":"SECUNIA","tags":[],"title":"Blue Coat Products OpenSSL RSA Key Reconstruction Weakness - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31467","name":"31467","refsource":"SECUNIA","tags":[],"title":"VMware updates for OpenSSL, net-snmp, and perl - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openssl.org/news/patch-CVE-2007-3108.txt","name":"http://openssl.org/news/patch-CVE-2007-3108.txt","refsource":"CONFIRM","tags":[],"title":"/err404.html","mime":"text/x-diff","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/2759","name":"ADV-2007-2759","refsource":"VUPEN","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0964.html","name":"RHSA-2007:0964","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27870","name":"27870","refsource":"SECUNIA","tags":[],"title":"Avaya Products OpenSSL Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://cvs.openssl.org/chngview?cn=16275","name":"http://cvs.openssl.org/chngview?cn=16275","refsource":"CONFIRM","tags":[],"title":"OpenSSL: CVS Web Interface","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/486859/100/0/threaded","name":"20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30161","name":"30161","refsource":"SECUNIA","tags":[],"title":"Gentoo ltsp Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27097","name":"27097","refsource":"SECUNIA","tags":[],"title":"Gentoo update for openssl - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/27021","name":"27021","refsource":"SECUNIA","tags":[],"title":"Ubuntu update for openssl - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31531","name":"31531","refsource":"SECUNIA","tags":[],"title":"Reflection for Secure IT Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200710-06.xml","name":"GLSA-200710-06","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  OpenSSL: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30220","name":"30220","refsource":"SECUNIA","tags":[],"title":"Debian OpenSSL Predictable Random Number Generator and Update - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/25163","name":"25163","refsource":"BID","tags":["Patch"],"title":"OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/27330","name":"27330","refsource":"SECUNIA","tags":[],"title":"Red Hat update for openssl - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-1003.html","name":"RHSA-2007:1003","refsource":"REDHAT","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/RGII-74KLP3","name":"http://www.kb.cert.org/vuls/id/RGII-74KLP3","refsource":"CONFIRM","tags":[],"title":"OpenSSL Information for VU#724968","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-3108","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3108","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"3108","vulnerable":"1","versionEndIncluding":"0.9.8e","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2007-3108","organization":"Red Hat","lastmodified":"2007-08-14","contributor":"Mark J Cox","statementText":"This paper describes a possible side-channel attack that hasn’t been proven outside of a lab environment. In reality many factors would make this harder to exploit. If exploited, a local user could obtain RSA private keys (for example for web sites being run on the server). We have rated this as affecting Red Hat products with moderate security severity. Although the OpenSSL team have produced a patch for this issue, it is non-trivial and will require more testing before we can deploy it in a future update. Our current plan is as follows: - To include a backported fix in an OpenSSL update as part of Enterprise Linux 4.6. This will get testing via beta and give time for more extensive internal and upstream testing - To release an update for OpenSSL for other platforms at the same time as 4.6 is released http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3108","cve_year":"2007","cve_id":"3108","crc32":"a50617a5"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2007-3108","qid":"390284","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2007-3108","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://secunia.com/advisories/26893","refsource":"MISC","name":"http://secunia.com/advisories/26893"},{"url":"http://secunia.com/advisories/31531","refsource":"MISC","name":"http://secunia.com/advisories/31531"},{"url":"http://support.attachmate.com/techdocs/2374.html","refsource":"MISC","name":"http://support.attachmate.com/techdocs/2374.html"},{"url":"http://www.vupen.com/english/advisories/2008/2396","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2008/2396"},{"url":"https://issues.rpath.com/browse/RPL-1633","refsource":"MISC","name":"https://issues.rpath.com/browse/RPL-1633"},{"url":"http://secunia.com/advisories/30161","refsource":"MISC","name":"http://secunia.com/advisories/30161"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml","refsource":"MISC","name":"http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"},{"url":"http://cvs.openssl.org/chngview?cn=16275","refsource":"MISC","name":"http://cvs.openssl.org/chngview?cn=16275"},{"url":"http://lists.vmware.com/pipermail/security-announce/2008/000002.html","refsource":"MISC","name":"http://lists.vmware.com/pipermail/security-announce/2008/000002.html"},{"url":"http://openssl.org/news/patch-CVE-2007-3108.txt","refsource":"MISC","name":"http://openssl.org/news/patch-CVE-2007-3108.txt"},{"url":"http://secunia.com/advisories/26411","refsource":"MISC","name":"http://secunia.com/advisories/26411"},{"url":"http://secunia.com/advisories/27021","refsource":"MISC","name":"http://secunia.com/advisories/27021"},{"url":"http://secunia.com/advisories/27078","refsource":"MISC","name":"http://secunia.com/advisories/27078"},{"url":"http://secunia.com/advisories/27097","refsource":"MISC","name":"http://secunia.com/advisories/27097"},{"url":"http://secunia.com/advisories/27205","refsource":"MISC","name":"http://secunia.com/advisories/27205"},{"url":"http://secunia.com/advisories/27330","refsource":"MISC","name":"http://secunia.com/advisories/27330"},{"url":"http://secunia.com/advisories/27770","refsource":"MISC","name":"http://secunia.com/advisories/27770"},{"url":"http://secunia.com/advisories/27870","refsource":"MISC","name":"http://secunia.com/advisories/27870"},{"url":"http://secunia.com/advisories/28368","refsource":"MISC","name":"http://secunia.com/advisories/28368"},{"url":"http://secunia.com/advisories/30220","refsource":"MISC","name":"http://secunia.com/advisories/30220"},{"url":"http://secunia.com/advisories/31467","refsource":"MISC","name":"http://secunia.com/advisories/31467"},{"url":"http://secunia.com/advisories/31489","refsource":"MISC","name":"http://secunia.com/advisories/31489"},{"url":"http://security.gentoo.org/glsa/glsa-200710-06.xml","refsource":"MISC","name":"http://security.gentoo.org/glsa/glsa-200710-06.xml"},{"url":"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm","refsource":"MISC","name":"http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm"},{"url":"http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability","refsource":"MISC","name":"http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability"},{"url":"http://www.debian.org/security/2008/dsa-1571","refsource":"MISC","name":"http://www.debian.org/security/2008/dsa-1571"},{"url":"http://www.kb.cert.org/vuls/id/724968","refsource":"MISC","name":"http://www.kb.cert.org/vuls/id/724968"},{"url":"http://www.kb.cert.org/vuls/id/RGII-74KLP3","refsource":"MISC","name":"http://www.kb.cert.org/vuls/id/RGII-74KLP3"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:193","refsource":"MISC","name":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:193"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0813.html","refsource":"MISC","name":"http://www.redhat.com/support/errata/RHSA-2007-0813.html"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-0964.html","refsource":"MISC","name":"http://www.redhat.com/support/errata/RHSA-2007-0964.html"},{"url":"http://www.redhat.com/support/errata/RHSA-2007-1003.html","refsource":"MISC","name":"http://www.redhat.com/support/errata/RHSA-2007-1003.html"},{"url":"http://www.securityfocus.com/archive/1/476341/100/0/threaded","refsource":"MISC","name":"http://www.securityfocus.com/archive/1/476341/100/0/threaded"},{"url":"http://www.securityfocus.com/archive/1/485936/100/0/threaded","refsource":"MISC","name":"http://www.securityfocus.com/archive/1/485936/100/0/threaded"},{"url":"http://www.securityfocus.com/archive/1/486859/100/0/threaded","refsource":"MISC","name":"http://www.securityfocus.com/archive/1/486859/100/0/threaded"},{"url":"http://www.securityfocus.com/bid/25163","refsource":"MISC","name":"http://www.securityfocus.com/bid/25163"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0001.html","refsource":"MISC","name":"http://www.vmware.com/security/advisories/VMSA-2008-0001.html"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0013.html","refsource":"MISC","name":"http://www.vmware.com/security/advisories/VMSA-2008-0013.html"},{"url":"http://www.vupen.com/english/advisories/2007/2759","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2007/2759"},{"url":"http://www.vupen.com/english/advisories/2007/4010","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2007/4010"},{"url":"http://www.vupen.com/english/advisories/2008/0064","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2008/0064"},{"url":"http://www.vupen.com/english/advisories/2008/2361","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2008/2361"},{"url":"http://www.vupen.com/english/advisories/2008/2362","refsource":"MISC","name":"http://www.vupen.com/english/advisories/2008/2362"},{"url":"https://issues.rpath.com/browse/RPL-1613","refsource":"MISC","name":"https://issues.rpath.com/browse/RPL-1613"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9984"},{"url":"https://usn.ubuntu.com/522-1/","refsource":"MISC","name":"https://usn.ubuntu.com/522-1/"}]}},"nvd":{"publishedDate":"2007-08-08 01:17:00","lastModifiedDate":"2018-10-16 16:47:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":1.2},"severity":"LOW","exploitabilityScore":1.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.8e","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"3108","Ordinal":"25731","Title":"CVE-2007-3108","CVE":"CVE-2007-3108","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"3108","Ordinal":"1","NoteData":"The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"3108","Ordinal":"2","NoteData":"2007-08-07","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"3108","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}