Lucene search
+L

33 matches found

redhat
redhat
added 2026/06/29 10:17 a.m.7 views

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References5
redhat
redhat
added 2026/06/25 6:37 p.m.7 views

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References5
osv
osv
added 2026/06/22 1:34 p.m.2 views

OPENSUSE-SU-2026:21144-1 Security update for mbedtls

This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 LTS maintenance update from 3.6.1; security fixes accumulated across the 3.6.2-3.6.6 releases: CVE-2024-49195 boo1231708: buffer underrun in pkwrite when writing an opaque key pair CVE-2025-27809 boo1240051:...

9.8CVSS6.4AI score0.0199EPSS
Exploits5References27
redhat
redhat
added 2026/06/16 4:53 p.m.5 views

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.9AI score0.00379EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/01 7:26 p.m.21 views

CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.8AI score0.00379EPSS
Exploits0References11
cvelist
cvelist
added 2026/06/01 7:26 p.m.38 views

CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS0.00379EPSS
Exploits0References11
redhat
redhat
added 2026/05/26 6:51 a.m.15 views

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS5.9AI score0.00379EPSS
Exploits0References5
redhat
redhat
added 2026/05/02 10:26 p.m.2 views

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

3.7CVSS6.1AI score0.00379EPSS
Exploits0References5
susecve
susecve
added 2025/07/24 11:22 p.m.6 views

SUSE CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

4CVSS6.8AI score0.00395EPSS
Exploits1References3
osv
osv
added 2025/07/20 7:15 p.m.4 views

DEBIAN-CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

3.7CVSS4.4AI score0.00395EPSS
Exploits1References1
snyk
snyk
added 2025/07/20 6:47 p.m.5 views

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel in block cipher padding removal. An attacker can recover plaintext data by exploiting timing discrepancies during decryption when PKCS7 padding mode is used. Remediation Upgrade mbedtls to version 3.6.4 or higher...

6.3CVSS6.9AI score0.00395EPSS
Exploits1References2
cvelist
cvelist
added 2025/07/20 12:0 a.m.21 views

CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

4CVSS0.00395EPSS
Exploits1References2
astralinux
astralinux
added 2025/02/11 7:35 a.m.3 views

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, where the removal of PKCS1 encryption padding is not implemented in a way that ensures side-channel resistance. This issue may lead to the potential leakage of private data...

5.9CVSS6.7AI score0.01156EPSS
Exploits1References3
amazon
amazon
added 2024/06/12 12:0 a.m.23 views

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

5.9CVSS5.9AI score0.01156EPSS
Exploits1
amazon
amazon
added 2024/06/12 12:0 a.m.5 views

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

5.9CVSS6.8AI score0.01156EPSS
Exploits1
nessus
nessus
added 2024/05/14 12:0 a.m.24 views

SUSE SLES12 Security Update : opensc (SUSE-SU-2024:1625-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1625-1 advisory. - CVE-2023-5992: Fixed a side-channel leaks while stripping encryption PKCS1 padding bsc1219386 Tenable has extracted the preceding...

5.9CVSS6.8AI score0.01156EPSS
Exploits1References4
nessus
nessus
added 2024/04/03 12:0 a.m.31 views

Amazon Linux 2023 : opensc (ALAS2023-2024-580)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-580 advisory. A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side- channel resistant. This issue may result in the potential leak of private data...

5.9CVSS5.7AI score0.01156EPSS
Exploits1References6
nessus
nessus
added 2024/03/15 12:0 a.m.31 views

Fedora 38 : opensc (2024-b92d44f141)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

5.9CVSS6AI score0.01156EPSS
Exploits1References3
redhat
redhat
added 2024/02/26 2:23 a.m.8 views

OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...

5.9CVSS5.7AI score0.01156EPSS
Exploits1References6
redhat
redhat
added 2024/02/26 2:19 a.m.7 views

OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...

5.9CVSS5.7AI score0.01156EPSS
Exploits1References6
Rows per page
Query Builder