A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
References
Link | Resource |
---|---|
http://cat.eyalro.net/ | Technical Description Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html | Broken Link Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html | Broken Link Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/106080 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868 | Issue Tracking Third Party Advisory |
Configurations
History
30 Nov 2022, 21:20
Type | Values Removed | Values Added |
---|---|---|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html - Broken Link, Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html - Broken Link, Mailing List, Third Party Advisory |
Information
Published : 2018-12-03 14:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-16868
Mitre link : CVE-2018-16868
CVE.ORG link : CVE-2018-16868
JSON object : View
Products Affected
gnu
- gnutls
CWE
CWE-203
Observable Discrepancy