3 matches found
CVE-2018-0495
CVE-2018-0495 affects Libgcrypt prior to 1.7.10 and 1.8.x prior to 1.8.3. The root cause is a memory-cache side-channel (ROHNP) in the ECDSA signing path (_gcry_ecc_ecdsa_sign in cipher/ecc-ecdsa.c), enabling an attacker with local or co-resident VM access to recover ECDSA private keys. Mitigatio...
CVE-2015-7182
CVE-2015-7182: In Mozilla NSS, a heap-based overflow in the ASN.1 decoder (DER/BER handling) affects NSS before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4. This can cause denial of service or possibly remote code execution via crafted OCTET ...
CVE-2013-1620
The CVE-2013-1620 entry concerns the TLS implementation in Mozilla NSS. It describes a timing-side‑channel flaw during a noncompliant CBC padding (MAC check) processing for malformed TLS records, allowing remote attackers to perform distinguishing attacks and plaintext-recovery through timing ana...