CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
References
Link Resource
http://cat.eyalro.net/ Technical Description Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html Broken Link Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html Broken Link Mailing List Third Party Advisory
http://www.securityfocus.com/bid/106080 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*

History

30 Nov 2022, 21:20

Type Values Removed Values Added
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html - Mailing List, Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html - Broken Link, Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html - Mailing List, Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html - Broken Link, Mailing List, Third Party Advisory

Information

Published : 2018-12-03 14:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-16868

Mitre link : CVE-2018-16868

CVE.ORG link : CVE-2018-16868


JSON object : View

Products Affected

gnu

  • gnutls
CWE
CWE-203

Observable Discrepancy