Lucene search
HkarioH1:2269177HistoryDec 01, 2023 - 2:31 p.m.
Node.js: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)
2023-12-0114:31:40
hkario
hackerone.com
18
node.js
crypto library
privatedecrypt()
marvin attack
pkcs#1 v1.5
timing side-channel
rsa
json web encryption
bug bounty
A vulnerability in the privateDecrypt() API of the crypto library, allowed a covert timing side-channel during PKCS#1 v1.5 padding error handling.
The vulnerability revealed significant timing differences in decryption for valid and invalid ciphertexts.
This poses a serious threat as attackers could remotely exploit the vulnerability to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing Json Web Encryption messages.
Related
ubuntucve
ubuntucve
CVE-2023-46809
2024-02-19 00:00:00
redhatcve
redhatcve
CVE-2023-46809
2024-02-16 17:21:14
veracode
veracode
Timing Side Channel Attack
2024-02-21 19:07:23
debiancve
debiancve
CVE-2023-46809
2024-02-15 04:18:13
almalinux
almalinux
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs:20 security update
2024-04-08 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2024:1880) Important: nodejs:18 security update
2024-04-18 00:58:51
(RHSA-2024:1510) Important: nodejs:18 security update
2024-03-26 09:07:37
(RHSA-2024:1503) Important: nodejs:18 security update
2024-03-25 19:54:22
oraclelinux
oraclelinux
nodejs:18 security update
2024-03-26 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
nodejs:20 security update
2024-04-08 00:00:00
nessus
nessus
RHEL 9 : nodejs:18 (RHSA-2024:1503)
2024-03-25 00:00:00
RHEL 8 : nodejs:18 (RHSA-2024:1880)
2024-04-18 00:00:00
Rocky Linux 9 : nodejs:18 (RLSA-2024:1503)
2024-03-27 00:00:00
osv
osv
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-27 04:34:32
f5
f5
rocky
rocky
nodejs:18 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:35:34
nodejs:20 security update
2024-05-06 13:05:29
debian
debian
[SECURITY] [DLA 3776-1] nodejs security update
2024-03-27 00:40:58
openvas
openvas
Debian: Security Advisory (DLA-3776-1)
2024-03-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0733-1)
2024-03-01 00:00:00
Mageia: Security Advisory (MGASA-2024-0046)
2024-02-23 00:00:00
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
freebsd
freebsd
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0586
2024-03-29 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0738
2024-03-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00