CVE-2018-12404

EUVD-2018-4378
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
mozillanetwork_security_services
𝑥
< 3.41
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bookworm
2:3.87.1-1
fixed
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
sid
2:3.105-2
fixed
trixie
2:3.105-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nss
bionic
Fixed 2:3.35-2ubuntu2.1
released
cosmic
Fixed 2:3.36.1-1ubuntu1.1
released
trusty
Fixed 2:3.28.4-0ubuntu0.14.04.4
released
xenial
Fixed 2:3.28.4-0ubuntu0.16.04.4
released
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
http://www.securityfocus.com/bid/107260
https://access.redhat.com/errata/RHSA-2019:2237
https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
http://www.securityfocus.com/bid/107260
https://access.redhat.com/errata/RHSA-2019:2237
https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html