Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2018-12404

Published: 02/05/2019 Updated: 12/02/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Network Security Services

Vulnerability Summary

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Libgcrypt prior to 1.7.10 and 1.8.x prior to 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla network security services

Vendor Advisories

Red Hat: Moderate: nss, nss-softokn, nss-util, and nspr security, bug fix, and enhancement update
Synopsis Moderate: nss, nss-softokn, nss-util, and nspr security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a secu ...
Ubuntu Security Notice: nss vulnerabilities
Several security issues were fixed in NSS ...
Ubuntu Security Notice: nss vulnerabilities
Several security issues were fixed in NSS ...
Amazon Linux 2: ALAS2-2019-1305
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 341 (CVE-2018-12404) Libgcrypt before 1710 and 18x before 183 allows a memory-cache side-cha ...
Amazon Linux AMI: ALAS-2020-1355
A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss) While the attack complexity is high, the impact to confidentiality, integ ...

References

NVD-CWE-noinfohttps://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404http://www.securityfocus.com/bid/107260http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.htmlhttps://access.redhat.com/errata/RHSA-2019:2237https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://lists.debian.org/debian-lts-announce/2020/09/msg00029.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfhttps://us-cert.cisa.gov/ics/advisories/icsa-21-040-04https://access.redhat.com/errata/RHSA-2019:2237https://nvd.nist.govhttps://usn.ubuntu.com/3850-2/https://alas.aws.amazon.com/AL2/ALAS-2019-1305.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook