3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
5.7 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
0.001 Low
EPSS
Percentile
38.8%
A Bleichenbacher type side-channel based padding oracle attack was found in
the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data.
An attacker who is able to run a process on the same physical core as the
victim process, could use this flaw extract plaintext or in some cases
downgrade any TLS connections to a vulnerable server.
Author | Note |
---|---|
mdeslaur | nettle changes are too intrusive to backport to stable releases |
cat.eyalro.net/
launchpad.net/bugs/cve/CVE-2018-16869
lists.debian.org/debian-lts/2019/03/msg00021.html
lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
nvd.nist.gov/vuln/detail/CVE-2018-16869
security-tracker.debian.org/tracker/CVE-2018-16869
ubuntu.com/security/notices/USN-4990-1
www.cve.org/CVERecord?id=CVE-2018-16869
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
5.7 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
0.001 Low
EPSS
Percentile
38.8%