Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-26306

Published: 14/05/2024 Updated: 14/05/2024

Vulnerability Summary

iPerf3 prior to 3.17, when used with OpenSSL prior to 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an malicious user to recover credential plaintext. It requires the malicious user to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Vendor Advisories

Debian CVElist Bug Report Logs: iperf3: CVE-2024-26306
Debian Bug report logs - #1071751 iperf3: CVE-2024-26306 Package: src:iperf3; Maintainer for src:iperf3 is Roberto Lumbreras <rover@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 24 May 2024 15:00:01 UTC Severity: important Tags: security Reply or subscribe to this bug Toggle useless ...

References

https://github.com/esnet/iperf/releases/tag/3.17https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.aschttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071751https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook