Side Channel Attack Vulnerability in NSS Encryption
CVE-2018-12404

5.9MEDIUM

Key Information:

Vendor
Mozilla
Status
Network Security Services (nss)
Vendor
CVE Published:
2 May 2019

Summary

A vulnerability exists within the Network Security Services (NSS) that allows for cached side channel attacks during handshakes leveraging RSA encryption. This variant is similar to the Adaptive Chosen Ciphertext attack, also known as the Bleichenbacher attack. If exploited, it can potentially lead to the decryption of protected content, putting sensitive information at risk. Affected are all NSS versions before 3.41, emphasizing the need for immediate updates to mitigate these security concerns.

Affected Version(s)

Network Security Services (NSS) All versions prior to NSS 3.41

References

http://www.securityfocus.com/bid/107260
vdb-entryx_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.