A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00109}

epss

{'score': 0.00098}


Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00089}

epss

{'score': 0.00109}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-12-03T14:00:00

Updated: 2024-08-05T10:32:54.146Z

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16868

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-03T14:29:00.333

Modified: 2024-11-21T03:53:29.250

Link: CVE-2018-16868

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-11-30T00:00:00Z

Links: CVE-2018-16868 - Bugzilla