CVE-2018-16868
MEDIUM
GnuTLS < 3.6.4 - Bleichenbacher Padding Oracle Attack via RSA PKCS#1 v1.5 Verification
Title source: llm
Description
A Bleichenbacher-type, side-channel-based padding oracle attack was found in the way GnuTLS handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.
References (5)
Core References
http://www.securityfocus.com/bid/106080 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html (Broken Link, Mailing List, Third Party Advisory; vendor-advisory, x_refsource_suse)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html (Broken Link, Mailing List, Third Party Advisory; vendor-advisory, x_refsource_suse)
http://cat.eyalro.net/ (Technical Description, Third Party Advisory; x_refsource_misc)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868 (Issue Tracking, Third Party Advisory; x_refsource_confirm)
Scores
CVSS v3: 5.6
EPSS: 0.0004
EPSS Percentile: 12.9%
Attack Vector: PHYSICAL
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Details
CWE: CWE-203
Status: published
Products (1): gnu/gnutls < 3.6.4
Published: Dec 03, 2018
Tracked Since: Feb 18, 2026