“All software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 v1.5,” OpenSSL said in its advisory. “This includes software that uses OpenSSL for SSL or TLS.” OpenSSL versions up to 0.9.7j and 0.9.8b are affected.

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, and is used in security products from numerous vendors.