CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...

CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...

Buffer overflow

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...

CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...

CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...

CVE-2023-41097

CVE-2023-41097 concerns Silicon Labs Gecko SDK (GSDK) on ARM, where an Observable Timing Discrepancy could enable a Padding Oracle crypto attack against CBC PKCS7. Affected component is the GSDK up to and including version 4.4.0. The root cause is a timing discrepancy that leaks information durin...

PT-2023-27783 · Silicon · Silabs Gsdk

Name of the Vulnerable Software and Affected Versions: Silabs GSDK versions through 4.4.0 Description: The issue is related to an Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM. This vulnerability potentially allows a Padding Oracle Crypto Attack on CBC...

php: potential exposure to Marvin attack via unsafe implementation of RSA decryption API

The RSA decryption implementation using PKCS1 v1.5 padding in OpenSSL is vulnerable to a timing side-channel attack known as the Marvin Attack. This vulnerability arises because the execution time of the opensslprivatedecrypt function in PHP with OpenSSL varies based on whether a valid message is...

PT-2024-5790 · Openssl +6 · Openssl +6

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 8.1.29 PHP versions prior to 8.2.20 PHP versions prior to 8.3.8 Description: The issue is related to the openssl private decrypt function in PHP when using PKCS1 padding, which is the default. This makes PHP vulnerable t...

CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

DEBIAN-CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

Design/Logic Flaw

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

UBUNTU-CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

opensc security update

0.20.0-7 - Fix file caching with different offsets RHEL-4077 - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-5992: Marvin: Side-channel leaks while stripping encryption PKCS1.5 padding...

PT-2023-31717 · Crypto++ +1 · Crypto++ +1

Name of the Vulnerable Software and Affected Versions: Crypto++ versions through 8.9.0 Description: The issue is related to a Marvin side channel during decryption with PKCS1 v1.5 padding. Recommendations: For versions through 8.9.0, update to a version that contains a fix for this issue to preve...

CVE-2023-50979

CVE-2023-50979 affects Crypto++ (cryptopp) up to version 8.9.0, introducing a Marvin side-channel leakage during decryption with PKCS#1 v1.5 padding. Multiple connected advisories confirm affected packages (e.g., libcryptopp/libcryptopp-devel) and note patches are available: openSUSE/SUSE advisor...

CVE-2023-50979

Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding...

UBUNTU-CVE-2023-4421

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...