QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12404

Published: May 2, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Vendor	Product	Versions
Mozilla	Network Security Services (NSS)	affected `All versions prior to NSS 3.41`

References

vdb-entry

x_refsource_BID

https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404

x_refsource_MISC

openSUSE-SU-2019:1758

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update

mailing-list

x_refsource_MLIST

https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

x_refsource_CONFIRM

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.