Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths
Vulnerability Description
A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1300
Vulnerability Title
pkcs11-provider 安全漏洞
Vulnerability Description
pkcs11-provider是oasis-open开源的一个 Openssl 3.x 提供程序,用于使用 PKCS#11 加密令牌接口访问硬件或软件令牌。 pkcs11-provider 存在安全漏洞,该漏洞源于应用存在类似 Bleichenbacher 的安全缺陷,可能对 PKCS#1 1.5 解密造成旁路攻击。
CVSS Information
N/A
Vulnerability Type
N/A