Astra Linux - уязвимость в nss

The NSS code used for checking PKCS1 v1.5 was leaking information useful for launching Bleichenbacher-style attacks. Both the overall correctness of the padding and the length of the encrypted message were exposed through timing side-channels. By sending a large number of ciphertexts selected by...

CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification. An attacker can bypass signature verification and inject forged signatures by...

Azure Linux 3.0 Security Update: opencryptoki (CVE-2024-0914)

The version of opencryptoki installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0914 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RS...

Medium: python-cryptography

Issue Overview: python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext. CVE-2020-25659 Affected Packages: python-cryptography Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed fo...

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups DHEATATTACK bsc1230698 Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

SUSE CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

openCryptoki Security Vulnerability

openCryptoki is openCryptoki open source a PKCS11 library and tool for Linux. A security vulnerability exists in openCryptoki that stems from the discovery of a timing side channel vulnerability when processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could also lead to unauthorized decryptio...

CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS1 v1.5 ciphertexts without having the...

PT-2024-19718 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.3 watchOS versions prior to 10.3 tvOS versions prior to 17.3 iOS versions prior to 17.3 iPadOS versions prior to 17.3 Description: A timing side-channel issue was addressed with improvements to constant-time...

DEBIAN-CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

Observable Discrepancy

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerabili...

SUSE CVE-2018-16151

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...

SUSE CVE-2018-16869

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases...

SUSE CVE-2019-11727

A vulnerability exists where it possible to force Network Security Services NSS to sign CertificateVerify with PKCS1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerabilit...