The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 02:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2016-2582.html - Third Party Advisory, VDB Entry | |
References | () http://www.openwall.com/lists/oss-security/2016/07/29/7 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.ubuntu.com/usn/USN-3193-1 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1362016 - Issue Tracking, Third Party Advisory, VDB Entry | |
References | () https://eprint.iacr.org/2016/596.pdf - Technical Description | |
References | () https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3 - Patch, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/201706-21 - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory |
Information
Published : 2017-04-14 18:59
Updated : 2024-11-21 02:56
NVD link : CVE-2016-6489
Mitre link : CVE-2016-6489
CVE.ORG link : CVE-2016-6489
JSON object : View
Products Affected
redhat
- enterprise_linux_hpc_node
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
canonical
- ubuntu_linux
nettle_project
- nettle
CWE
CWE-203
Observable Discrepancy