A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
References
Link | Resource |
---|---|
http://cat.eyalro.net/ | Technical Description Third Party Advisory |
http://www.securityfocus.com/bid/106092 | Broken Link Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869 | Issue Tracking Third Party Advisory |
Configurations
History
03 Feb 2023, 14:25
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/106092 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2018-12-03 14:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-16869
Mitre link : CVE-2018-16869
CVE.ORG link : CVE-2018-16869
JSON object : View
Products Affected
nettle_project
- nettle
CWE
CWE-203
Observable Discrepancy