CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through 4.4.0...
CVE-2023-41097
CVE-2023-41097 concerns Silicon Labs Gecko SDK (GSDK) on ARM, where an Observable Timing Discrepancy could enable a Padding Oracle crypto attack against CBC PKCS7. The affected component is the GSDK up to and including version 4.4.0. The root cause is a timing discrepancy that leaks information durin...
PT-2023-27783 · Silicon · Silabs Gsdk
Name of the Vulnerable Software and Affected Versions: Silabs GSDK versions through 4.4.0 Description: The issue is related to an Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM. This vulnerability potentially allows a Padding Oracle Crypto Attack on CBC...
DEBIAN-CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
SUSE CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
Padre - Blazing Fast, Advanced Padding Oracle Exploit
padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption. Features: blazing fast, concurrent implementation; decryption of tokens; encryption of arbitrary data; automatic fingerprinting of padding oracles; automatic detection of cipher block length; HINTS! if failure occurs...
Rockwell Automation Stratix SSL Padding Oracle On Downgraded Legacy Encryption (CVE-2014-3566)
A vulnerability was publicly announced in the SSLv3 protocol when using a block cipher in CBC mode. The vulnerability exists because the block cipher padding is not covered by the message authentication code and exposes users to a potential man-in-the-middle attack that relies on padding oracles...
F5 Networks BIG-IP : OpenSSL vulnerability (K18549143)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.2.1 / 15.0.1.1. It is, therefore, affected by a vulnerability as referenced in the K18549143 advisory. If an application encounters a fatal protocol error and then calls SSL_shutdown twice, once to send a close_notify, a...
F5 Networks BIG-IP : Nettle vulnerability (K45616155)
The version of F5 Networks BIG-IP installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the K45616155 advisory. - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion ...
Security Bulletin: Multiple vulnerabilities in The Bouncy Castle Crypto Package For Java affect IBM Application Performance Management products
Summary: The Bouncy Castle Crypto Package For Java is used by IBM Application Performance Management. The vulnerabilities below have been addressed. Vulnerability Details: CVEID: CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java bc-java could allow a remote attacker to obtain...
Oracle Linux 7 : openssl (ELSA-2016-3556)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3556 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding...
Oracle Linux 7 : openssl (ELSA-2019-2304)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2304 advisory. - fix CVE-2018-0734 - DSA signature local timing side channel - fix CVE-2019-1559 - 0-byte record padding oracle Tenable has extracted the preceding...
Oracle Linux 8 : openssl (ELSA-2020-1840)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1840 advisory. - fix CVE-2019-1547 - side-channel weak encryption vulnerability - fix CVE-2019-1563 - padding oracle in CMS API - fix CVE-2019-1549 - ensure fork safe...
Oracle Linux 6 : openssl (ELSA-2016-3558)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3558 advisory. - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate - fix CVE-2016-2107 - padding...
Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the...
GHSA-RM8V-MXJ3-5RMQ github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack
Summary Decrypting AES-CBC encrypted JWE has Potential Padding Oracle Attack Vulnerability. Details On v2.0.10, decrypting AES-CBC encrypted JWE may return an error "failed to generate plaintext from decrypted blocks: invalid padding":...
CVE-2023-2197
A flaw was found in HashiCorp Vault Enterprise, where it could allow a local authenticated attacker to obtain sensitive information caused by a flaw when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. By utilizing padding oracle attack techniques, an attacke...