25 matches found
Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal
...
CVE-2026-33662
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...
TencentOS Server 3: gnutls (TSSA-2024:0046)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0046 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-21482 Cryptographic Issues in Core
Cryptographic issue while performing RSA PKCS padding decoding...
CVE-2025-21482
CVE-2025-21482 describes a cryptographic issue in Qualcomm closed‑source components related to RSA PKCS padding decoding. The CVE is listed as High severity with Local attack vector, Low attack complexity, Low privileges required, and no user interaction, with impacts on Confidentiality and Integ...
PT-2025-39267
Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: A cryptographic issue exists during RSA PKCS padding decoding. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2023-5981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...
Security update for opensc
This update for opensc fixes the following issues: CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding (bsc#1219386). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you...
Linux Distros Unpatched Vulnerability : CVE-2025-26695
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email...
SUSE-SU-2025:20530-1 Security update for opensc
This update for opensc fixes the following issues: - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding (bsc#1219386)...
Security update for perl-Crypt-OpenSSL-RSA
This update for perl-Crypt-OpenSSL-RSA fixes the following issues: CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode (Marvin Attack) (bsc#1221446). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding
A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...
AZL-36965 CVE-2024-0914 affecting package opencryptoki for versions less than 3.24.0-3
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
UBUNTU-CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...