Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-12402

Опубликовано: 09 июл. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 1.2
CVSS3: 4.4

Описание

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. Note: An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

РелизСтатусПримечание
bionic

released

2:3.35-2ubuntu2.9
devel

released

2:3.49.1-1ubuntu3
eoan

released

2:3.45-1ubuntu2.4
esm-infra-legacy/trusty

released

2:3.28.4-0ubuntu0.14.04.5+esm6
esm-infra/bionic

released

2:3.35-2ubuntu2.9
esm-infra/focal

released

2:3.49.1-1ubuntu1.2
esm-infra/xenial

released

2:3.28.4-0ubuntu0.16.04.12
focal

released

2:3.49.1-1ubuntu1.2
precise/esm

not-affected

2:3.28.4-0ubuntu0.12.04.9
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 29%
0.00102
Низкий

1.2 Low

CVSS2

4.4 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-12402

CVSS3: 4.4
redhat
больше 5 лет назад

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

nvd логотип

CVE-2020-12402

CVSS3: 4.4
nvd
больше 5 лет назад

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

debian логотип

CVE-2020-12402

CVSS3: 4.4
debian
больше 5 лет назад

During RSA key generation, bignum implementations used a variation of ...

suse-cvrf логотип

openSUSE-SU-2020:0955-1

suse-cvrf
больше 5 лет назад

Security update for mozilla-nss

suse-cvrf логотип

openSUSE-SU-2020:0953-1

suse-cvrf
больше 5 лет назад

Security update for mozilla-nss

EPSS

Процентиль: 29%
0.00102
Низкий

1.2 Low

CVSS2

4.4 Medium

CVSS3