Home

CVE-2018-12404

Description

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Risk Information

Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
33.537

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3Windows
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.debLinux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.debLinux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.debLinux
Network Security Service library (USN-3336-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.35-2ubuntu2.1_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.35-2ubuntu2.1_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.36.1-1ubuntu1.1_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.36.1-1ubuntu1.1_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.14.04.4_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.14.04.4_amd64.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.16.04.4_i386.debLinux
Network Security Service library (USN-3850-1) libnss3_3.28.4-0ubuntu0.16.04.4_amd64.debLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Server 12-SP3 ) libfreebl3-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Server 12-SP3 ) libfreebl3-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libfreebl3-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libfreebl3-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) libsoftokn3-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-32bit-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-debuginfo-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-debuginfo-32bit-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nspr-debugsource-4.20-19.6.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-certs-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-debugsource-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-sysinit-debuginfo-32bit-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-tools-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) mozilla-nss-tools-debuginfo-3.40.1-58.18.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-60.4.0esr-109.55.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-60.4.0esr-109.55.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-60.4.0esr-109.55.1.x86_64.rpmLinux
SUSE-SU-2018:4236-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-60.4.0esr-109.55.1.x86_64.rpmLinux
CVE-2018-12404NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234