A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | nspr | 2021-07-08 18:41 | ALAS-2021-1522 |
Amazon Linux 2 - Core | nspr | 2020-11-09 21:02 | ALAS2-2020-1559 |
Amazon Linux 2 - Core | nss | 2020-11-09 21:02 | ALAS2-2020-1559 |
Amazon Linux 1 | nss-softokn | 2021-07-08 18:41 | ALAS-2021-1522 |
Amazon Linux 2 - Core | nss-softokn | 2020-11-09 21:02 | ALAS2-2020-1559 |
Amazon Linux 1 | nss-util | 2021-07-08 18:41 | ALAS-2021-1522 |
Amazon Linux 2 - Core | nss-util | 2020-11-09 21:02 | ALAS2-2020-1559 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N |
NVD | CVSSv2 | 1.2 | AV:L/AC:H/Au:N/C:P/I:N/A:N |
NVD | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N |