CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868 Issue Tracking Third Party Advisory
http://cat.eyalro.net/ Technical Description Third Party Advisory
http://www.securityfocus.com/bid/106080 Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html Broken Link Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html Broken Link Mailing List
Configurations

Configuration 1

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*

Information

Published : 2018-12-03 02:29

Updated : 2022-11-30 09:20


NVD link : CVE-2018-16868

Mitre link : CVE-2018-16868

Products Affected
No products.
CWE