Nettle
CVE-2018-16869
MEDIUM
Severity by source
AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
AnalysisAI
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-203. A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. Affected products include: Nettle Project Nettle.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces inco
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces inco
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. Rated critical severity (CVSS 9.8), th
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channe
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, ED
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. Rated high severity
Same weakness CWE-203 – Observable Discrepancy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today