CVE-2018-16868 Information

Description

A Bleichenbacher-type, side-channel-based padding oracle attack was found in the way GnuTLS handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.

CVSS Vector

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Reference

http://cat.eyalro.net/
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html
http://www.securityfocus.com/bid/106080
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.6

Base Severity

MEDIUM
