20 matches found
Astra Linux - уязвимость в nss
The NSS code used for checking PKCS1 v1.5 was leaking information useful for launching Bleichenbacher-style attacks. Both the overall correctness of the padding and the length of the encrypted message were exposed through timing side-channels. By sending a large number of ciphertexts selected by...
SUSE-SU-2025:20593-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262...
CLSA-2025-1744926159 Update of openssl
Backport the implicit rejection mechanism for RSA PKCS1 v1.5 to prevent Bleichenbacher attacks; add an option to disable the mechanism...
CVE-2025-0306
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...
SUSE-SU-2024:3872-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262...
openSUSE Security Advisory (SUSE-SU-2024:3765-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for openssl-1_1
This update for openssl-11 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...
SUSE-SU-2024:3765-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262...
Security update for openssl-1_1
This update for openssl-11 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...
CVE-2024-2467
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...
DEBIAN-CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
UBUNTU-CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
Design/Logic Flaw
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
Timing side-channel in PKCS#1 v1.5 decryption depadding code — Mozilla
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
SUSE CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
PT-2023-6220 · Mozilla +3 · Network Security Services +3
Name of the Vulnerable Software and Affected Versions: Network Security Services NSS versions prior to 3.61 Description: The issue is related to the implementation of the PKCS1 v1.5 standard in the NSS library, which was leaking information useful for mounting Bleichenbacher-like attacks through...
PT-2023-36151 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-ibmca versions prior to 2.4.0 Description: The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS1 v1.5 and OAEP padding, and support for 'implic...