Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 12 Dec 2017 16:18:34 +0100
From: Hanno Böck <>
Subject: ROBOT attack (WolfSSL, Bouncy Castle, Erlang)


I published details about the ROBOT attack today, it's a couple of
minor variations of the old Bleichenbacher attack.
(Return Of Bleichenbacher's Oracle Threat)

It is mostly about proprietary appliances, but also affects three FOSS
TLS stacks.

The attack is based on the fact that an attacker can distinguish valid
and invalid RSA PKCS #1 v1.5 paddings based on different server

Erlang (CVE-2017-1000385):

WolfSSL (CVE-2017-13099):
(only a pull req for now, no new release yet)

Bouncy Castle (CVE-2017-13098):
1.59 beta 9 contains the fix:

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ