Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24954
HistoryApr 10, 2020 - 1:09 a.m.

Information Disclosure

2020-04-1001:09:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15

0.005 Low

EPSS

Percentile

76.1%

openssl is vulnerable to information disclosure. It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle.

References