CVE-2018-12404

CWE-200 — Information Exposure11 documents8 sources

Severity

5.9MEDIUM

EPSS

14.5%

top 5.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Network Security Services Mozilla Network Security Services (nss)

Timeline

PublishedMay 2

Latest updateMay 24

Description

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶NVDmozilla/network_security_services< 3.41

▶Debiannss< 2:3.41-1+3

▶CVEListV5mozilla/network_security_services_(nss)All versions prior to NSS 3.41

🔴Vulnerability Details

GHSA

GHSA-54r4-cg3v-pxw7: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content↗2022-05-24

▶

CVEList

CVE-2018-12404: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content↗2019-05-02

▶

OSV

CVE-2018-12404: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content↗2019-05-02

▶

OSV

nss vulnerabilities↗2019-01-09

▶

📋Vendor Advisories

Ubuntu

NSS vulnerabilities↗2019-02-18

▶

Ubuntu

NSS vulnerabilities↗2019-01-09

▶

Red Hat

nss: Cache side-channel variant of the Bleichenbacher attack↗2018-11-30

▶

Debian

CVE-2018-12404: nss - A cached side channel attack during handshakes using RSA encryption could allow ...↗2018

▶

💬Community

Bugzilla

CVE-2018-12404 nss: Cache side-channel variant of the Bleichenbacher attack [fedora-all]↗2019-01-09

▶

Bugzilla

CVE-2018-12404 nss: Cache side-channel variant of the Bleichenbacher attack↗2018-12-10

▶