Published: 31/01/2024 Updated: 25/04/2024

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 0

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opencryptoki project opencryptoki
redhat enterprise linux 8.0
redhat enterprise linux 9.0

DescriptionA timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v15 padded ciphertexts This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private keyA timing side-channel vulnerability has been discovered ...

CWE-203 https://access.redhat.com/security/cve/CVE-2024-0914 https://bugzilla.redhat.com/show_bug.cgi?id=2260407 https://people.redhat.com/~hkario/marvin/https://access.redhat.com/errata/RHSA-2024:1239 https://access.redhat.com/errata/RHSA-2024:1411 https://access.redhat.com/errata/RHSA-2024:1608 https://access.redhat.com/errata/RHSA-2024:1856 https://access.redhat.com/errata/RHSA-2024:1992 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2024-0914

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-0914

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect