Описание
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw extract plain text or, in some cases, downgrade any TLS connections to a vulnerable server.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | nettle | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-nettle | Not affected | ||
| Red Hat Enterprise Linux 8 | nettle | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Will not fix | ||
| Red Hat Virtualization 4 | rhvm-appliance | Will not fix |
Показывать по
Дополнительная информация
Статус:
4.7 Medium
CVSS3
Связанные уязвимости
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
A Bleichenbacher type side-channel based padding oracle attack was fou ...
4.7 Medium
CVSS3