12 matches found
CVE-2026-35334
Possible NULL-Pointer Dereference in RSA Decryption...
UBUNTU-CVE-2026-35334
Possible NULL-Pointer Dereference in RSA Decryption...
OESA-2024-1729 iperf3 security update
Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. Security Fixes: iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a...
CVE-2023-26306
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...
iPerf3 安全漏洞
iPerf3 is an ESnet open source tool for actively measuring the maximum achievable bandwidth on an IP network. A security vulnerability exists in iPerf3 versions prior to 3.17 that stems from allowing the use of a timed side channel in an RSA decryption operation, which could allow an attacker to...
kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...
PT-2024-2706
Name of the Vulnerable Software and Affected Versions: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched Description: The issue is related to the use of hidden side channels in the PrivateDecrypt function of th...
PT-2023-8446 · Jsrsasign · Jsrsasign
Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 11.0.0 Description: The issue is related to an Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process in the jsrsasign package. An attacker can decrypt ciphertexts by exploiting this flaw, which i...
SUSE CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
ALPINE-CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Linux Nettle 输入验证错误漏洞
Linux Nettle is an American open source application for Linux. Contains a design that lends itself easily to a low-level cryptographic library in many cases. An input validation error vulnerability exists in Linux Nettle, which stems from the way the RSA decryption function improperly handles...
PT-2021-5781 · Nettle +9 · Nettle +9
Name of the Vulnerable Software and Affected Versions: Nettle affected versions not specified Description: A flaw was found in the way Nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application...