Side-Channel Attack

libgnutls.so is vulnerable to plain text recovery via cache-based side channel. An attacker is able to use a combination of Just in Time Prime+probe and Lucky-13 attacks to recover plain text using crafted packets in a cross-VM setting...

SUSE-SU-2018:2825-2 Security update for gnutls

This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery CVE-2018-10846,...

Security update for gnutls (moderate)

This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen...

SUSE-SU-2018:2930-1 Security update for gnutls

This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen...

SUSE-SU-2018:2825-1 Security update for gnutls

This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery CVE-2018-10846,...

Cross site scripting

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

FreeBSD : mbed TLS -- plaintext recovery vulnerabilities (f4876dd4-9ca8-11e8-aa17-0011d823eebd)

Simon Butcher reports : - When using a CBC based ciphersuite, a remote attacker can partially recover the plaintext. - When using a CBC based ciphersuite, an attacker with the ability to execute arbitrary code on the machine under attack can partially recover the plaintext by use of cache based...

CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...

Privilege escalation

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...

CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...

CVE-2018-0498

mbed TLS (ARM PolarSSL) vulnerability CVE-2018-0498 affects CBC-based ciphersuites and allows partial plaintext recovery via a cache-based side-channel attack. Affected versions are before 2.12.0, before 2.7.5, and before 2.1.14. Remediation is to upgrade to patched releases (e.g., 2.12.0+ and ne...

CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...

Debian: Security Advisory (DLA-1125-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1125-1 : botan1.10 security update

CVE-2017-14737 Fix of cache-based side channel attack, which could recover information about RSA secret keys. For Debian 7 'Wheezy', these problems have been fixed in version 1.10.5-1+deb7u4. We recommend that you upgrade your botan1.10 packages. NOTE: Tenable Network Security has extracted the...

[SECURITY] [DLA 1125-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u4 CVE ID : CVE-2017-14737 CVE-2017-14737 Fix of cache-based side channel attack, which could recover information about RSA secret keys. For Debian 7 "Wheezy", these problems have been fixed in version 1.10.5-1+deb7u4. We recommend that you upgrade your...

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

Design/Logic Flaw

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...

CVE-2017-14737

A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key...