FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mbed TLS -- Local timing attack on RSA decryption

Affected packages
mbedtls < 2.14.1


VuXML ID: 293f40a0-ffa1-11e8-b258-0011d823eebd
Discovery: 2018-11-28
Entry: 2018-12-14

Janos Follath reports:

An attacker who can run code on the same machine that is performing an RSA decryption can potentially recover the plaintext through a Bleichenbacher-like oracle.


CVE Name: CVE-2018-19608