Description
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
| Release | Status | Note |
|---|---|---|
| artful | released | 1:20.0.4+dfsg-1ubuntu1.1 |
| devel | not-affected | 1:20.1.7+dfsg-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1:16.b.3-dfsg-1ubuntu2.2 |
| esm-infra/xenial | released | 1:18.3-dfsg-1ubuntu3.1 |
| precise/esm | DNE | |
| trusty | released | 1:16.b.3-dfsg-1ubuntu2.2 |
| trusty/esm | released | 1:16.b.3-dfsg-1ubuntu2.2 |
| upstream | needs-triage | |
| xenial | released | 1:18.3-dfsg-1ubuntu3.1 |
| zesty | ignored | end of life |
CVSS2: 4.3 Medium
CVSS3: 5.9 Medium
Related vulnerabilities
A vulnerability in the Erlang programming language interpreter, related to information disclosure through a discrepancy, that allows an attacker to gain access to confidential data