CVE-2018-16869 MEDIUM

CVE-2018-16869

Vendor [Unknown]
Product nettle
Weakness CWE-203
Published December 3, 2018
Last update August 5, 2024

CVSS base score

4.7/10
Attack vector Physical
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Key dates

02Disclosure timeline

December 3, 2018 CVE published
August 5, 2024 Record updated