CVE-2018-16868
4.7
CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | gnutls | n/a | affected |
Weaknesses
- CWE-203: CWE-203
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/106080
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html
- http://cat.eyalro.net/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868
References
- http://www.securityfocus.com/bid/106080
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html
- http://cat.eyalro.net/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.