Side Channel Attack Vulnerability in NSS Encryption
CVE-2018-12404

5.9MEDIUM

Key Information:

Vendor: Mozilla
Status: Network Security Services (nss)
Vendor: CVE Published:; 2 May 2019

What is CVE-2018-12404?

A vulnerability exists within the Network Security Services (NSS) that allows for cached side channel attacks during handshakes leveraging RSA encryption. This variant is similar to the Adaptive Chosen Ciphertext attack, also known as the Bleichenbacher attack. If exploited, it can potentially lead to the decryption of protected content, putting sensitive information at risk. Affected are all NSS versions before 3.41, emphasizing the need for immediate updates to mitigate these security concerns.

Affected Version(s)

Network Security Services (NSS) All versions prior to NSS 3.41

References

http://www.securityfocus.com/bid/107260

vdb-entryx_refsource_BID

https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

EPSS Score

41% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2019
Vulnerability Reserved
Jun 14, 2018

Mozilla

What is CVE-2018-12404?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline