The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
References
Link | Resource |
---|---|
http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions | Broken Link |
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf | Technical Description Third Party Advisory |
https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html | Third Party Advisory |
http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions | Broken Link |
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf | Technical Description Third Party Advisory |
https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 02:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions - Broken Link | |
References | () https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf - Technical Description, Third Party Advisory | |
References | () https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html - Third Party Advisory |
16 Aug 2023, 14:17
Type | Values Removed | Values Added |
---|---|---|
First Time |
F5 traffix Signaling Delivery Controller
|
|
CPE | cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:* |
Information
Published : 2016-07-26 17:59
Updated : 2024-11-21 02:33
NVD link : CVE-2015-5738
Mitre link : CVE-2015-5738
CVE.ORG link : CVE-2015-5738
JSON object : View
Products Affected
marvell
- octeon_ii_cn6020
- octeon_ii_cn6000
- octeon_ii_cn6010
- software_development_kit
f5
- traffix_signaling_delivery_controller
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor