A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-12-03T14:00:00

Updated: 2024-08-05T10:32:54.146Z

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16868

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-03T14:29:00.333

Modified: 2024-11-21T03:53:29.250

Link: CVE-2018-16868

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-30T00:00:00Z

Links: CVE-2018-16868 - Bugzilla