CVE-2018-16868 — MEDIUM (5.6)

Q: How severe is CVE-2018-16868?

CVE-2018-16868 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16868?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls.

Vulnerability Description

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnu	Gnutls	<= 3.6.4

Related Weaknesses (CWE)

CWE-203

References

http://cat.eyalro.net/Technical DescriptionThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.htmlBroken LinkMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.htmlBroken LinkMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106080Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868Issue TrackingThird Party Advisory
http://cat.eyalro.net/Technical DescriptionThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.htmlBroken LinkMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.htmlBroken LinkMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106080Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868Issue TrackingThird Party Advisory

FAQ

What is CVE-2018-16868?

CVE-2018-16868 is a vulnerability with a CVSS score of 5.6 (MEDIUM). A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same ph...

How severe is CVE-2018-16868?

CVE-2018-16868 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16868?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnutls.