CVE-2018-16868
Summary
| CVE | CVE-2018-16868 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-03 14:29:00 UTC |
| Updated | 2022-11-30 21:20:00 UTC |
| Description | A Bleichenbacher-type, side-channel-based padding oracle attack was found in the way gnutls handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server. |
Risk And Classification
Problem Types: CWE-203
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2019:1353-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| 1654929 – (CVE-2018-16868) CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| cat.eyalro.net | MISC | cat.eyalro.net | Technical Description, Third Party Advisory |
| [security-announce] openSUSE-SU-2019:1477-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| GNU GnuTLS CVE-2018-16868 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.