Back to search
CVE-2017-1000385
Published: Dec 12, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-3571-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:0528
vendor-advisory
x_refsource_REDHAT
[erlang-questions] 20171123 Patch Package: OTP 18.3.4.7
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20171215 [SECURITY] [DLA 1207-1] erlang security update
mailing-list
x_refsource_MLIST
RHSA-2018:0242
vendor-advisory
x_refsource_REDHAT
https://robotattack.org/
x_refsource_MISC
[erlang-questions] 20171123 Patch Package: OTP 19.3.6.4
mailing-list
x_refsource_MLIST
DSA-4057
vendor-advisory
x_refsource_DEBIAN
RHSA-2018:0368
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0303
vendor-advisory
x_refsource_REDHAT
[erlang-questions] 20171123 Patch Package: OTP 20.1.7
mailing-list
x_refsource_MLIST
102197
vdb-entry
x_refsource_BID
VU#144389
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now