Side Channel Attack

2020-08-0621:38:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

nss is vulnerable to side channel attack. It is possible because of a flaw in ECDSA signature generation.

CPENameOperatorVersion
nss:3.12eq3.52-r0
nss:3.12eq3.52.1-r0
firefox:3.12eq76.0.1-r1
firefox:3.12eq76.0.1-r0
firefox:bioniceq59.0.2+build1
firefox:focaleq75.0+build3
firefox:xenialeq45.0.2+build1
nspreq4.21.0__1.el7
nspreq4.10.8__1.ael7b_1
nspreq4.10.8__2.ael7b_1

Name	Operator	Version
nss:3.12	eq	3.52-r0
nss:3.12	eq	3.52.1-r0
firefox:3.12	eq	76.0.1-r1
firefox:3.12	eq	76.0.1-r0
firefox:bionic	eq	59.0.2+build1
firefox:focal	eq	75.0+build3
firefox:xenial	eq	45.0.2+build1
nspr	eq	4.21.0__1.el7
nspr	eq	4.10.8__1.ael7b_1
nspr	eq	4.10.8__2.ael7b_1