CVE-2018-16868 : A Bleichenbacher type side-channel based padding oracle attack was found in the

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

Published 2018-12-03 14:29:00

Updated 2022-11-30 21:20:28

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2018-16868

GNU » Gnutls
Versions up to, including, (<=) 3.6.4
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-16868

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-16868

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:L/AC:M/Au:N/C:P/I:P/A:N	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
4.7	MEDIUM	CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N	0.3	4.0	Red Hat, Inc.
Attack Vector: Physical Attack Complexity: High Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None
5.6	MEDIUM	CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N	0.4	4.7	NIST
Attack Vector: Physical Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: Low Availability: None

CWE ids for CVE-2018-16868

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2018-16868

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html

[security-announce] openSUSE-SU-2019:1477-1: important: Security update
Broken Link;Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html

[security-announce] openSUSE-SU-2019:1353-1: important: Security update
Broken Link;Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/106080

GNU GnuTLS CVE-2018-16868 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868

1654929 – (CVE-2018-16868) CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification
Issue Tracking;Third Party Advisory
http://cat.eyalro.net/

404 Page not found | Eyal Ronen
Technical Description;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-16868

Products affected by CVE-2018-16868

Exploit prediction scoring system (EPSS) score for CVE-2018-16868

CVSS scores for CVE-2018-16868

CWE ids for CVE-2018-16868

References for CVE-2018-16868