Количество 12
Количество 12
CVE-2023-45287
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
CVE-2023-45287
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
CVE-2023-45287
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
CVE-2023-45287
Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...
GHSA-33qr-2xwr-95pw
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
ELSA-2024-2239
ELSA-2024-2239: skopeo security update (MODERATE)
ELSA-2024-2272
ELSA-2024-2272: containernetworking-plugins security update (MODERATE)
ELSA-2024-2245
ELSA-2024-2245: buildah security update (MODERATE)
ELSA-2024-2193
ELSA-2024-2193: podman security update (MODERATE)
ELSA-2024-0748
ELSA-2024-0748: container-tools:4.0 security update (IMPORTANT)
ELSA-2024-2180
ELSA-2024-2180: runc security update (MODERATE)
ELSA-2024-2988
ELSA-2024-2988: container-tools:ol8 security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-45287 Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVE-2023-45287 Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVE-2023-45287 Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| CVE-2023-45287 Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ... | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| GHSA-33qr-2xwr-95pw Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels. | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| ELSA-2024-2239 ELSA-2024-2239: skopeo security update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-2272 ELSA-2024-2272: containernetworking-plugins security update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-2245 ELSA-2024-2245: buildah security update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-2193 ELSA-2024-2193: podman security update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-0748 ELSA-2024-0748: container-tools:4.0 security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-2180 ELSA-2024-2180: runc security update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-2988 ELSA-2024-2988: container-tools:ol8 security update (MODERATE) | около 1 года назад |
Уязвимостей на страницу