CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
A vulnerability in the PrivateDecrypt() function of the cryptographic library of the Node.js software platform is related to the following
use of hidden side channels as a result of time discrepancy between decryption of valid and invalid encrypted texts based on the PKCS#1 v1.5.5 cryptography standard.
invalid ciphertexts based on the PKCS#1 v1.5 cryptography standard. Exploitation of the vulnerability allows an intruder acting as an attacker to exploit the vulnerability.
the vulnerability allows a remote attacker to realize a Bleichenbacher attack (Bleichenbacher)
or the Marvin attack