CVE Vulnerability

CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

3.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.4 / Impact : 4.7

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868 Issue Tracking Third Party Advisory
http://cat.eyalro.net/ Technical Description Third Party Advisory
http://www.securityfocus.com/bid/106080 Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html Broken Link Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html Broken Link Mailing List
Configurations

Configuration 1

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
Information

Published : 2018-12-03 02:29

Updated : 2022-11-30 09:20

NVD link : CVE-2018-16868

Mitre link : CVE-2018-16868

Products Affected
No products.
CWE
CWE-203