← Voltar para CVEs
CVE-2018-16868
MEDIUM5.6
Descricao
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Detalhes CVE
Pontuacao CVSS v3.15.6
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Vetor de ataquePHYSICAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado12/3/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
gnu:gnutls
Fraquezas (CWE)
CWE-203CWE-203
Referencias
http://cat.eyalro.net/(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html(secalert@redhat.com)
http://www.securityfocus.com/bid/106080(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868(secalert@redhat.com)
http://cat.eyalro.net/(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/106080(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.