CVE-2018-16869

CWE-203 | 14 documents | 8 sources
Severity
5.7 MEDIUM
EPSS
0.1%
top 71.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 3
Latest update: May 13

Description

A Bleichenbacher-type side-channel-based padding oracle attack was found in the way nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Exploitability: 0.5 | Impact: 4.7

Affected Packages (4 packages)

Debian | nettle | < 3.4.1~rc1-1 | +3
Ubuntu | nettle | < 3.4.1-0ubuntu0.18.04.1 | +1
CVEListV5 | [unknown]/nettle | n/a

🔴 Vulnerability Details (4)

GHSA
GHSA-575w-jrpq-q9xv: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1 | 2022-05-13
OSV
nettle vulnerabilities | 2021-06-17
CVEList
CVE-2018-16869: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1 | 2018-12-03
OSV
CVE-2018-16869: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1 | 2018-12-03

📋 Vendor Advisories (3)

Ubuntu
Nettle vulnerabilities | 2021-06-17
Red Hat
nettle: Leaky data conversion exposing a manager oracle | 2018-11-30
Debian
CVE-2018-16869: nettle - A Bleichenbacher type side-channel based padding oracle attack was found in the ... | 2018

💬 Community (6)

Bugzilla
CVE-2018-16869 nettle: Leaky data conversion exposing a manager oracle [fedora-all] | 2018-12-12
Bugzilla
CVE-2018-16869 nettle: Leaky data conversion exposing a manager oracle [epel-6] | 2018-12-03
Bugzilla
CVE-2018-16869 mingw-nettle: nettle: Leaky data conversion exposing a manager oracle [epel-7] | 2018-12-03
Bugzilla
CVE-2018-16869 nettle: Leaky data conversion exposing a manager oracle [fedora-all] | 2018-12-03
Bugzilla
CVE-2018-16869 mingw-nettle: nettle: Leaky data conversion exposing a manager oracle [fedora-all] | 2018-12-03