GSKit
by IBM
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1388 | Hig | 0.49 | 7.5 | 0.02 | Feb 7, 2018 | GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212. | ||
| CVE-2018-1426 | Hig | 0.48 | 7.4 | 0.03 | Mar 22, 2018 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071. | ||
| CVE-2018-1427 | Med | 0.40 | 6.2 | 0.00 | Mar 22, 2018 | IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072. | ||
| CVE-2023-32342 | 0.00 | — | 0.01 | May 30, 2023 | IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain… | |||
| CVE-2013-6747 | 0.00 | — | 0.02 | Jan 27, 2014 | IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain. |
- risk 0.49cvss 7.5epss 0.02
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
- risk 0.48cvss 7.4epss 0.03
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
- risk 0.40cvss 6.2epss 0.00
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.
- CVE-2023-32342May 30, 2023risk 0.00cvss —epss 0.01
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain…
- CVE-2013-6747Jan 27, 2014risk 0.00cvss —epss 0.02
IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain.