Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-2467

Published: 25/04/2024 Updated: 25/04/2024

Vulnerability Summary

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Vendor Advisories

Debian CVElist Bug Report Logs: libcrypt-openssl-rsa-perl: CVE-2024-2467: vulnerable to the Marvin Attack
Debian Bug report logs - #1066969 libcrypt-openssl-rsa-perl: CVE-2024-2467: vulnerable to the Marvin Attack Package: src:libcrypt-openssl-rsa-perl; Maintainer for src:libcrypt-openssl-rsa-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Dat ...

References

CWE-203https://access.redhat.com/security/cve/CVE-2024-2467https://bugzilla.redhat.com/show_bug.cgi?id=2269567https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42https://people.redhat.com/~hkario/marvin/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066969https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook