CVE-2020-12402
Public on 2020-07-09
Modified on 2021-07-12
Description
A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | nspr | 2021-07-08 | ALAS-2021-1522 | Fixed |
| Amazon Linux 2 - Core | nspr | 2020-11-09 | ALAS2-2020-1559 | Fixed |
| Amazon Linux 2 - Core | nss | 2020-11-09 | ALAS2-2020-1559 | Fixed |
| Amazon Linux 1 | nss-softokn | 2021-07-08 | ALAS-2021-1522 | Fixed |
| Amazon Linux 2 - Core | nss-softokn | 2020-11-09 | ALAS2-2020-1559 | Fixed |
| Amazon Linux 1 | nss-util | 2021-07-08 | ALAS-2021-1522 | Fixed |
| Amazon Linux 2 - Core | nss-util | 2020-11-09 | ALAS2-2020-1559 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N |
| NVD | CVSSv2 | 1.2 | AV:L/AC:H/Au:N/C:P/I:N/A:N |
| NVD | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N |