CVE-2018-12404
published 2019-05-02CVE-2018-12404: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive…
medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nss | < nss 2:3.41-1 (bookworm) | nss 2:3.41-1 (bookworm) |
| mozilla | network_security_services | < 3.41 | 3.41 |
| mozilla | network_security_services | — | — |
| mozilla | nss | >= 0 < 2:3.41-1 | 2:3.41-1 |
| mozilla | nss | >= 0 < 2:3.41-1 | 2:3.41-1 |
| mozilla | nss | >= 0 < 2:3.41-1 | 2:3.41-1 |
| mozilla | nss | >= 0 < 2:3.41-1 | 2:3.41-1 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.14.04.4 | 2:3.28.4-0ubuntu0.14.04.4 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.16.04.4 | 2:3.28.4-0ubuntu0.16.04.4 |
| mozilla | nss | >= 0 < 2:3.35-2ubuntu2.1 | 2:3.35-2ubuntu2.1 |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.9MEDIUM