The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < 26c08dabe5475d99a13f353d8dd70e518de45663 |
| n/a | n/a | < 16.0.17328.20424 |