3242 matches found
CVE-2024-0202
CVE-2024-0202 concerns the cryptlib cryptographic library when compiled with RSA key exchange ciphersuites enabled (USE_RSA_SUITES) in TLS. The vulnerability is the timing variant of Bleichenbacher attack, permitting an attacker to decrypt RSA ciphertexts or forge signatures by making a large num...
PT-2024-15383
Name of the Vulnerable Software and Affected Versions cryptlib affected versions not specified Description A security issue has been identified in the cryptlib cryptographic library when it is compiled with support for RSA key exchange ciphersuites in TLS. This makes it vulnerable to the timing...
CLSA-2024-1706697909 java-1.8.0-openjdk: Fix of 8 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...
AZL-34206 CVE-2024-0914 affecting package opencryptoki 3.17.0-1
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
vantage6 vulnerable to username timing attack
Impact It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks Workarounds No...
GHSA-45GQ-Q4XH-CP53 vantage6 vulnerable to username timing attack
Impact It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks Workarounds No...
CVE-2024-21671 vantage6 username timing attack
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...
CVE-2024-21671 vantage6 username timing attack
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...
GHSA-WJ6H-64FC-37MP Minerva timing attack on P-256 in python-ecdsa
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...
Minerva timing attack on P-256 in python-ecdsa
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...
PT-2024-19822 · Pypi +1 · Ecdsa +1
Name of the Vulnerable Software and Affected Versions: ecdsa versions 0.18.0 and prior Description: The ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography, is affected by a Minerva timing attack on the P-256 curve. This attack can leak the internal nonce when usin...
GO-2024-2469 Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go
Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go...
OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
SUSE CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
ALPINE-CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
AZL-34739 CVE-2024-0553 affecting package gnutls for versions less than 3.8.3-1
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...