Untriaged
CVE-2023-6258
8.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths
A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.
References
- RHBZ#2251062 issue-tracking x_refsource_REDHAT
- https://github.com/latchset/pkcs11-provider/pull/308
Affected products
pkcs11-provider
- ==0.2
Matching in nixpkgs
pkgs.pkcs11-provider
OpenSSL 3.x provider to access hardware or software tokens using the PKCS#11 Cryptographic Token Interface
- nixos-unstable -
- nixpkgs-unstable 1.0
Package maintainers
- @numinit Morgan Jones <me+nixpkgs@numin.it>