ALT-PU-2016-2144-1
Closed vulnerabilities
Published: 2017-04-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-6489
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- RHSA-2016:2582
- RHSA-2016:2582
- [oss-security] 20160729 Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks
- [oss-security] 20160729 Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks
- USN-3193-1
- USN-3193-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1362016
- https://bugzilla.redhat.com/show_bug.cgi?id=1362016
- https://eprint.iacr.org/2016/596.pdf
- https://eprint.iacr.org/2016/596.pdf
- https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
- https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
- GLSA-201706-21
- GLSA-201706-21
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html