Podatność CVE-2018-16870


Publikacja: 2019-01-03

Opis:
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.

Typ:

CWE-310

(Cryptographic Issues)

Producent: Wolfssl
Produkt: Wolfssl 
Wersje:
3.9.8
3.9.6
3.9.10
3.9.1
3.9.0
3.8.0
3.7.3
3.7.1
3.7.0
3.6.9
3.6.8
3.6.6
3.6.2
3.6.0
3.4.8
3.4.6
3.4.2
3.4.0
3.3.3
3.3.2
3.3.0
3.2.6
3.2.4
3.2.0
3.15.6
3.15.5
3.15.3
3.15.0
3.14.5
3.14.4
3.14.2
3.14.0
3.13.3
3.13.2
3.13.0
3.12.2
3.12.0
3.11.1
3.11.0
3.10.4
3.10.3
3.10.2
3.10.0a
3.10.0
3.1.0
3.0.2
3.0.0
2.9.4
2.9.2
2.9.1
2.9.0
2.8.6
2.8.5
2.8.4
2.8.3
2.8.2
2.8.0
2.7.2
2.7.0
2.6.2
2.6.0
2.5.2
2.5.0
2.4.7
2.4.6
2.4.2
2.4.0
2.3.0
2.2.2
2.2.1
2.2.0
2.1.4
2.1.2
2.1.1
2.0.8
2.0.6
2.0.3
2.0.2
1.9.0
1.8.8.0
0.5

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
4.3/10
2.9/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Brak
Brak

 Referencje:
http://cat.eyalro.net/
https://github.com/wolfSSL/wolfssl/pull/1950

Podobne CVE
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of si...
CVE-2019-16748
In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
CVE-2019-15651
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
CVE-2019-11873
wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of ...
CVE-2019-6439
examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...
CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...
CVE-2018-12436
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or...

Copyright 2019, cxsecurity.com

 

Back to Top