Описание
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Отчет
This vulnerability exists due to an incomplete fix for CVE-2020-25657.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | m2crypto | Out of support scope | ||
| Red Hat Enterprise Linux 7 | m2crypto | Out of support scope | ||
| Red Hat Enterprise Linux 8 | virt-who | Not affected | ||
| Red Hat Enterprise Linux 9 | pywbem | Not affected | ||
| Red Hat Enterprise Linux 9 | virt-who | Not affected | ||
| Red Hat Update Infrastructure 4 for Cloud Providers | m2crypto | Affected | ||
| Red Hat Virtualization 4 | m2crypto | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
A flaw was found in m2crypto. This issue may allow a remote attacker t ...
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
EPSS
7.5 High
CVSS3