Timing Attack

Overview phpseclib/phpseclib is a PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. Affected versions of this package are vulnerable to Timing Attack via the AES algorithm in CBC mode. An attacker can recover sensitive information by exploiting timin...

Post-Quantum Security of Block Cipher Constructions

Block ciphers are versatile cryptographic ingredients that are used in a wide range of applications ranging from secure Internet communications to disk encryption. While post-quantum security of public-key cryptography has received significant attention, the case of symmetric-key cryptography and...

Linux Distros Unpatched Vulnerability : CVE-2023-5363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during...

NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0124)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns durin...

OESA-2025-1191 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during th...

Siemens SIMATIC and SCALANCE Incorrect Provision of Specified Functionality (CVE-2023-5363)

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non- uniqueness, which could result i...

Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)

The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...

Oracle Linux 9 : openssl (ELSA-2024-12093)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12093 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 Resolves: RHEL-5302 - Excessive time spent...

SUSE CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

AZL-42712 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

DEBIAN-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

OpenSSL Incorrect Cipher Key & IV Length Processing Vulnerability (20231024) - Windows

OpenSSL is prone to an incorrect processing of key and initialisation vector IV lengths vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

OpenSSL 3.0.0 < 3.0.12 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.12 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of...

PT-2023-6818

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 and 3.1 Description A bug has been identified in the processing of key and initialisation vector IV lengths, potentially leading to truncation or overruns during the initialisation of some symmetric ciphers. This issue can...

CVE-2022-41983

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT QuickAssist Technology and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even...

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC Cipher Block Chaining block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

Padding-oracle attack on TLS CBC cipher mode

A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-8730. This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability,...