CVE-2017-1000385 — Observable Discrepancy in OTP
Severity
5.9 MEDIUM (NVD)
7.5 (OSV)
EPSS
83.9%
top 0.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 12
Latest update: May 13
Description
The Erlang OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Debian Linux 8.0, 9.0
Vulnerability Details (4)
GHSA
GHSA-957c-5x9m-m7rv: The Erlang OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1 (2022-05-13)
OSV
CVE-2017-1000385: The Erlang OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1 (2017-12-12)
CVEList
CVE-2017-1000385: The Erlang OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1 (2017-12-12)
Vendor Advisories (3)
Community (2)
Bugzilla
CVE-2017-1000385 erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack [fedora-all] (2017-12-04)
Bugzilla
CVE-2017-1000385 erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack (2017-12-04)