An issue was found in nss before version 3.36.6. The TLS implementation exposes padding oracle in each of the three stages of handling PKCS #1 v1.5 padding https://nvd.nist.gov/vuln/detail/CVE-2018-12404