5879 matches found

Prion
added 2024/02/10 3:15 p.m., 14 views

Design/Logic Flaw

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222...

CVSS 5, AI score 6.5, EPSS 0.00051
Exploits 0, References 2, Affected Software 1

Snyk
added 2024/02/09 11:45 p.m., 2 views

Observable Discrepancy

Overview Affected versions of this package are vulnerable to Observable Discrepancy due to the implementation of the SP Math All RSA when built with specific configuration options. An attacker can decrypt ciphertexts and forge signatures after probing with a large number of test observations...

CVSS 5.9, AI score 6.8, EPSS 0.00315
Exploits 0, References 2

OSV
added 2024/02/09 11:15 p.m., 1 view

DEBIAN-CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is n...

CVSS 5.9, AI score 5.8, EPSS 0.00315
Exploits 0, References 1

OSV
added 2024/02/09 11:15 p.m., 0 views

UBUNTU-CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is n...

CVSS 5.9, AI score 6.2, EPSS 0.00315
Exploits 0, References 3

Cvelist
added 2024/02/09 10:25 p.m., 16 views

CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is n...

CVSS 5.9, AI score 5.8, EPSS 0.00315
Exploits 0, References 2

CNNVD
added 2024/02/09 12:00 a.m., 3 views

wolfSSL Security Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. wolfSSL has a security vulnerability that attackers can exploit to decrypt ciphertexts and forge signatures after extensive test observations...

CVSS 5.9, AI score 6.8, EPSS 0.00315
Exploits 0, References 3

OSV
added 2024/02/08 7:16 p.m., 2 views

CLSA-2024-1707419801 Fix CVE(s): CVE-2023-5981

SECURITY UPDATE: timing side-channel in the RSA-PSK ClientKeyExchange - debian/patches/nettle-pk-randomness-level.patch: nettle/pk use the appropriate level of randomness for each operation. - debian/patches/pk-gnutlsswitchlibstate.patch: pk always use gnutlsswitchlibstate. -...

CVSS 5.9, AI score 6.5, EPSS 0.00844
Exploits 0, References 1

Tenable Nessus
added 2024/02/08 12:00 a.m., 39 views

CentOS 8 : openssl (CESA-2023:1405)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

CVSS 7.5, AI score 7.9, EPSS 0.88334
Exploits 0, References 5

Tenable Nessus
added 2024/02/08 12:00 a.m., 14 views

CentOS 8 : gnutls (CESA-2023:1569)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:1569 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key...

CVSS 7.4, AI score 7, EPSS 0.03615
Exploits 1, References 2

SUSE CVE
added 2024/02/06 3:54 a.m., 1 view

SUSE CVE-2023-6240

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

CVSS 6.5, AI score 6.6, EPSS 0.00074
Exploits 0, References 3

Tenable Nessus
added 2024/02/06 12:00 a.m., 32 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-505)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-505 advisory. The upstream report describes this issue as follows: When installing a maliciously created Ansible role using 'ansible-galaxy role install', arbitrary files the user has access to can be...

CVSS 6.3, AI score 7.2, EPSS 0.0066
Exploits 0, References 6

GitHub Security Blog
added 2024/02/05 9:30 p.m., 43 views

m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 7.5, AI score 6.4, EPSS 0.00444
Exploits 0, References 5, Affected Software 1

OSV
added 2024/02/05 9:30 p.m., 34 views

GHSA-3WW4-GG4F-JR7F Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 8.7, AI score 7.5, EPSS 0.00855
Exploits 0, References 6

OSV
added 2024/02/05 9:15 p.m., 2 views

DEBIAN-CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 7.5, AI score 7.2, EPSS 0.00444
Exploits 0, References 1

Prion
added 2024/02/05 9:15 p.m., 27 views

Security feature bypass

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USE_RSA_SUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

CVSS 2.6, AI score 7.1, EPSS 0.00045
Exploits 0, References 1, Affected Software 1

UbuntuCve
added 2024/02/05 9:15 p.m., 31 views

CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 7.5, AI score 6.8, EPSS 0.00444
Exploits 0, References 6

Vulnrichment
added 2024/02/05 8:45 p.m., 4 views

CVE-2023-50782 Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 7.5, AI score 9.4, EPSS 0.00855
Exploits 0, References 2

Cvelist
added 2024/02/05 8:45 p.m., 28 views

CVE-2023-50782 Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 7.5, AI score 6.6, EPSS 0.00855
Exploits 0, References 2

CVE
added 2024/02/05 8:45 p.m., 506 views

CVE-2023-50782

CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...

CVSS 7.5, AI score 7.2, EPSS 0.00855
Exploits 0, References 3, Affected Software 1

CVE
added 2024/02/05 8:45 p.m., 202 views

CVE-2023-50781

CVE-2023-50781 affects the Python m2crypto library and relates to Bleichenbacher timing attacks against RSA decryption, enabling potential remote decryption of TLS traffic that uses RSA key exchanges. The vulnerability is tied to m2crypto’s RSA decryption API, with references noting this as an in...

CVSS 7.5, AI score 7.2, EPSS 0.00444
Exploits 0, References 3, Affected Software 1