CVE-2016-6489

Опубликовано: 20 июн. 2016

Источник: redhat

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1362016nettle: RSA/DSA code is vulnerable to cache-timing related attacks

EPSS

Процентиль: 82%

0.01684

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Связанные уязвимости

CVE-2016-6489

CVSS3: 7.5

ubuntu

больше 8 лет назад

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CVE-2016-6489

CVSS3: 7.5

nvd

больше 8 лет назад

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CVE-2016-6489

CVSS3: 7.5

debian

больше 8 лет назад

The RSA and DSA decryption code in Nettle makes it easier for attacker ...

openSUSE-SU-2017:1533-1

suse-cvrf

больше 8 лет назад

Security update for libnettle

SUSE-SU-2017:1481-1

suse-cvrf

больше 8 лет назад

Security update for libnettle

EPSS

Процентиль: 82%

0.01684

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2