CVE-2018-16868
Severity
5.6 MEDIUM
EPSS
0.0%
top 87.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 3
Latest update: May 13
Description
A Bleichenbacher-type side-channel-based padding oracle attack was found in the way gnutls handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.
CVSS vector
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Exploitability: 0.4 | Impact: 4.7
Affected Packages: 3 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-qjx3-4wr5-3c93: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1 (2022-05-13)
CVEList
CVE-2018-16868: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1 (2018-12-03)
OSV
CVE-2018-16868: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1 (2018-12-03)
📋 Vendor Advisories (2)
💬 Community (6)
Bugzilla
CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification [fedora-all] (2018-12-13)
Bugzilla
CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification [fedora-all] (2018-12-03)
Bugzilla
CVE-2018-16868 mingw-gnutls: gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification [epel-7] (2018-12-03)
Bugzilla
CVE-2018-16868 gnutls30: gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification [epel-6] (2018-12-03)
Bugzilla
CVE-2018-16868 mingw-gnutls: gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification [fedora-all] (2018-12-03)