Описание
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | openssl | Not affected | ||
| Red Hat Enterprise Linux 4 | openssl096b | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl098e | Not affected | ||
| Red Hat Enterprise Linux 7 | openssl098e | Not affected | ||
| Red Hat JBoss Core Services | openssl | Affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | openssl | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4 Medium
CVSS2
Связанные уязвимости
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1. ...
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Уязвимость функции проверки заполнения реализации AES-NI библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным
EPSS
4 Medium
CVSS2