Lucene search
K

23 matches found

OSV
OSV
added 2026/07/03 12:0 a.m.4 views

UBUNTU-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 6:16 p.m.7 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6.5CVSS0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 6:13 p.m.13 views

CVE-2026-33662 OP-TEE: RSASSA EMSA- PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-8004

Malware in sbrugna...

5.9CVSS5.9AI score0.00696EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/04/18 2:16 a.m.3 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/04/08 9:13 a.m.8 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

7.4CVSS7.2AI score0.01302EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.15 views

PT-2024-25007 · Unknown +1 · Rust-Openssl +1

Name of the Vulnerable Software and Affected Versions: rust-openssl affected versions not specified Description: A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve...

5.9CVSS6.7AI score0.00415EPSS
Exploits0References14
Oracle linux
Oracle linux
added 2024/03/08 12:0 a.m.27 views

opencryptoki security update

3.21.0-9 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22792...

5.9CVSS7.3AI score0.00878EPSS
Exploits0
OSV
OSV
added 2024/02/27 11:18 a.m.5 views

USN-6663-1 openssl update

As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks...

7.5CVSS6.7AI score0.01158EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/12/18 4:15 a.m.3 views

CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

5.9CVSS5.8AI score0.0059EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.9 views

PT-2023-36151 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: openssl-ibmca versions prior to 2.4.0 Description: The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS1 v1.5 and OAEP padding, and support for 'implic...

7.2AI score
Exploits0References4
OSV
OSV
added 2022/03/18 2:15 p.m.1 views

DEBIAN-CVE-2022-24773

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...

5.3CVSS6.7AI score0.00875EPSS
Exploits0References1
OSV
OSV
added 2021/04/06 3:15 p.m.1 views

DEBIAN-CVE-2021-30130

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS1 v1.5 signature verification...

7.5CVSS7AI score0.01055EPSS
Exploits0References1
OSV
OSV
added 2021/01/12 3:15 p.m.5 views

AZL-34969 CVE-2020-25657 affecting package m2crypto for versions less than 0.38.0-3

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality...

5.9CVSS6.7AI score0.01727EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/21 12:0 a.m.10 views

Lennyniu Tlslite-ng Encryption Problem Vulnerability

Lennyniu Tlslite-ng is a Python-based codebase used to provide SSLv3.0, TLS 1.0, TLS 1.1 and TLS 1.2 by the individual developer Lennyniu. A cryptographically problematic vulnerability previously existed in tlslite-ng 0.7.6 and 0.8.0-alpha39, which stemmed from code that relied on data to perform...

7.5CVSS6.9AI score0.01276EPSS
Exploits1References7
NVD
NVD
added 2020/06/22 12:15 p.m.40 views

CVE-2020-14967

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...

9.8CVSS0.02592EPSS
Exploits1References6
Prion
Prion
added 2020/06/22 12:15 p.m.20 views

Memory corruption

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...

7.5CVSS9.6AI score0.02592EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2020/06/22 11:19 a.m.69 views

CVE-2020-14967

CVE-2020-14967 affects the jsrsasign package for Node.js prior to version 8.0.18. The RSA PKCS1 v1.5 decryption path does not detect ciphertext modifications when zeros are prepended to ciphertexts, allowing modified ciphertexts to be decrypted without error and potentially triggering memory corr...

9.8CVSS9.6AI score0.02592EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2018/11/30 12:0 a.m.7 views

PT-2018-2489 · Gnu +2 · Gnutls +2

Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 3.6.5 Description: The issue is related to an error in verifying decrypted RSA data, allowing an attacker to potentially access protected information through a side-channel cache attack. Specifically, a Bleichenbacher...

7.5CVSS5.9AI score0.58969EPSS
Exploits2References52
OSV
OSV
added 2018/09/26 9:29 p.m.3 views

ALPINE-CVE-2018-16151

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...

7.5CVSS6.8AI score0.01888EPSS
Exploits0References1
Rows per page
Query Builder