Side Channel Attack Vulnerability in NSS Encryption
CVE-2018-12404

5.9MEDIUM

Key Information:

Vendor

Mozilla
Status
Network Security Services (nss)
Vendor
CVE Published:
2 May 2019

What is CVE-2018-12404?

A vulnerability exists within the Network Security Services (NSS) that allows for cached side channel attacks during handshakes leveraging RSA encryption. This variant is similar to the Adaptive Chosen Ciphertext attack, also known as the Bleichenbacher attack. If exploited, it can potentially lead to the decryption of protected content, putting sensitive information at risk. Affected are all NSS versions before 3.41, emphasizing the need for immediate updates to mitigate these security concerns.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Network Security Services (NSS) All versions prior to NSS 3.41

References

http://www.securityfocus.com/bid/107260
vdb-entryx_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.