CVE-2018-12404

5.9MEDIUM

Key Information:

Vendor: Mozilla
Status: Network Security Services (nss)
Vendor: CVE Published:; 2 May 2019

Summary

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Affected Version(s)

Network Security Services (NSS) All versions prior to NSS 3.41

References

http://www.securityfocus.com/bid/107260

vdb-entryx_refsource_BID

https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2019
Vulnerability Reserved
Jun 14, 2018

.