CVE-2018-16868

Опубликовано: 30 нояб. 2018

Источник: redhat

CVSS3: 4.7

Описание

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plain text or, in some cases, downgrade any TLS connections to a vulnerable server.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	gnutls	Will not fix
Red Hat Enterprise Linux 6	gnutls	Will not fix
Red Hat Enterprise Linux 7	gnutls	Will not fix
Red Hat Enterprise Linux 8	gnutls	Not affected
Red Hat Enterprise Linux 8	mingw-gnutls	Not affected
Red Hat Virtualization 4	redhat-virtualization-host	Will not fix
Red Hat Virtualization 4	rhvm-appliance	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-203

https://bugzilla.redhat.com/show_bug.cgi?id=1654929gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2018-16868

CVSS3: 5.6

ubuntu

около 7 лет назад

CVE-2018-16868

CVSS3: 5.6

nvd

около 7 лет назад

CVE-2018-16868

CVSS3: 5.6

debian

около 7 лет назад

A Bleichenbacher type side-channel based padding oracle attack was fou ...

openSUSE-SU-2019:1477-1

suse-cvrf

больше 6 лет назад

Security update for gnutls

SUSE-SU-2019:1351-2

suse-cvrf

больше 6 лет назад

Security update for gnutls

4.7 Medium

CVSS3