Описание
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.4.1-0ubuntu0.18.04.1 |
| cosmic | ignored | end of life |
| devel | not-affected | 3.4.1~rc1-1 |
| disco | not-affected | 3.4.1~rc1-1 |
| eoan | not-affected | 3.4.1~rc1-1 |
| esm-infra-legacy/trusty | ignored | change too intrusive |
| esm-infra/bionic | released | 3.4.1-0ubuntu0.18.04.1 |
| esm-infra/focal | not-affected | 3.4.1~rc1-1 |
| esm-infra/xenial | ignored | change too intrusive |
| focal | not-affected | 3.4.1~rc1-1 |
Показывать по
3.3 Low
CVSS2
5.7 Medium
CVSS3
Связанные уязвимости
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
A Bleichenbacher type side-channel based padding oracle attack was fou ...
3.3 Low
CVSS2
5.7 Medium
CVSS3