openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...

openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...

CVE-2026-42768

A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...

CVE-2026-42768

The CVE-2026-42768 issue concerns Bleichenbacher-style side-channel attacks against CMS_decrypt() and PKCS7_decrypt() in OpenSSL. The vulnerability arises when processing CMS or S/MIME messages with multiple RecipientInfo entries (KTRI). In variant 1, decryption is attempted without a recipient c...

UBUNTU-CVE-2026-42768

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

EUVD-2017-8471

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-13099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover th...

SUSE-SU-2023:4952-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange bsc1208143. - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange bsc1217277...

Siemens SCALANCE W1750D Cryptographic Issues (CVE-2017-13099)

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as ROBOT. This plugin only works with Tenable.ot...

K05909237: BouncyCastle Java crypto vulnerability CVE-2017-13098

Security Advisory Description BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private...

SUSE CVE-2017-13099

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...

SUSE CVE-2017-13098

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...

GHSA-WRWF-PMMJ-W989 Observable Discrepancy in BouncyCastle

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...

Stmicroelectronics Stm32 Crypto Library Package Encryption Problem Vulnerability

The Stmicroelectronics Stm32 Crypto Library Package is a code library from Stmicroelectronics, Inc. that provides cryptographic functionality for the Stm32 family of microcontrollers. The Stmicroelectronics Stm32 Crypto Library Package is vulnerable to a cryptographic issue that could allow an...

EulerOS Virtualization 3.0.6.0 : nettle (EulerOS-SA-2020-1752)

According to the version of the nettle packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypte...

Huawei Data Communication: Multiple Vulnerabilities in IPsec IKE implementations of Huawei Firewall Products (huawei-sa-20180411-01-Bleichenbacher)

There is a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

Mbed TLS -- Local timing attack on RSA decryption

Janos Follath reports: An attacker who can run code on the same machine that is performing an RSA decryption can potentially recover the plaintext through a Bleichenbacher-like oracle...

Updated bouncycastle packages fix security vulnerabilities

Updated bouncycastle packages fix security vulnerabilities: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of...

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...