VDB

GCVE-110-MAGEIA-2020-308

GCVE-110-MAGEIA-2020-308
Advisory Published
Vulnetix · Advisory published July 31, 2020
The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information about the contents was leaked, but the length alone might be used to make inferences about the contents. This issue affects TLS CBC ciphersuites as well as CBC encryption using PKCS7 or other similar padding mechanisms. In all cases, the unpadding operations were already constant time and are not affected (rhbz#1849743).

Affected Products

VendorProductVersionsPlatforms
Mageiabotan20 (affected), 2.9.0-2.1.mga7 (unaffected)

Browse GCVE Records

73,280 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›