CVE-2006-4339

Priority
Description
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when
using an RSA key with exponent 3, removes PKCS-1 padding before generating
a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature
that is signed by that RSA key and prevents OpenSSL from correctly
verifying X.509 and other certificates that use PKCS #1.
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-09 23:56:06 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)