213 matches found

CVE
added 2024/04/04 1:47 p.m. · 75 views

CVE-2024-3296

CVE-2024-3296 involves the rust-openssl crate and a timing-based side-channel that could permit plaintext recovery over a network via a Bleichenbacher-style attack on the legacy PKCS#1v1.5 padding. An attacker would need to send many trial decryptions to achieve success. The connected documents c...

5.9 CVSS · 5.4 AI score · 0.00079 EPSS
Exploits 0 · References 2
RedhatCVE
added 2024/04/04 3:24 a.m. · 13 views

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9 CVSS · 5.3 AI score · 0.00079 EPSS
Exploits 0 · References 3
CNNVD
added 2024/04/04 12:00 a.m. · 2 views

rust-openssl security vulnerability

rust-openssl is a library from Rust for interacting with the OpenSSL library. A security vulnerability exists in rust-openssl that stems from the presence of a timing-based side channel flaw...

5.9 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 0 · References 3
UbuntuCve
added 2024/04/04 12:00 a.m. · 14 views

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9 CVSS · 6.2 AI score · 0.00079 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/04/04 12:00 a.m. · 2 views

PT-2024-25007 · Unknown +1 · Rust-Openssl +1

Name of the Vulnerable Software and Affected Versions: rust-openssl (affected versions not specified). Description: A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve...

5.9 CVSS · 6.7 AI score · 0.00079 EPSS
Exploits 0 · References 14
SUSE CVE
added 2023/02/15 4:20 a.m. · 1 views

SUSE CVE-2018-20997

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing...

9.8 CVSS · 9.4 AI score · 0.00499 EPSS
Exploits 0 · References 3
Github Security Blog
added 2021/08/25 8:43 p.m. · 33 views

Improper Certificate Validation in openssl

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

8.1 CVSS · 7.6 AI score · 0.00183 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/08/25 8:43 p.m. · 13 views

GHSA-9XJR-M6F3-V5WM HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by presenting any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

4.8 CVSS · 4.9 AI score · 0.00203 EPSS
Exploits 0 · References 5
OSV
added 2016/11/05 12:00 p.m. · 20 views

RUSTSEC-2016-0001 SSL/TLS MitM vulnerability due to insecure defaults

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

8.1 CVSS · 7.8 AI score · 0.00183 EPSS
Exploits 0 · References 3
RustSec
added 2016/11/05 12:00 p.m. · 25 views

SSL/TLS MitM vulnerability due to insecure defaults

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

8.1 CVSS · 2.6 AI score · 0.00183 EPSS
Exploits 0 · Affected Software 1
Positive Technologies
added 2016/11/05 12:00 a.m. · 1 views

PT-2016-4587 · Openssl · Rust-Openssl

Name of the Vulnerable Software and Affected Versions: rust-openssl versions prior to 0.9.0. Description: The issue is related to SSL/TLS man-in-the-middle attacks due to insecure defaults in the openssl crate for Rust. Specifically, certificate verification is off by default, and there is no API...

8.1 CVSS · 7.6 AI score · 0.00183 EPSS
Exploits 0 · References 8
OSV
added 2016/05/09 12:00 p.m. · 15 views

RUSTSEC-2016-0002 HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by presenting any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

4.8 CVSS · 4.8 AI score · 0.00203 EPSS
Exploits 0 · References 3
RustSec
added 2016/05/09 12:00 p.m. · 18 views

HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by presenting any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

5.8 CVSS · 2.3 AI score · 0.00203 EPSS
Exploits 0 · Affected Software 1