Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-3296

Published: 04/04/2024 Updated: 05/04/2024

Vulnerability Summary

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Vendor Advisories

Debian CVElist Bug Report Logs: rust-openssl: CVE-2024-3296
Debian Bug report logs - #1068418 rust-openssl: CVE-2024-3296 Package: src:rust-openssl; Maintainer for src:rust-openssl is Debian Rust Maintainers <pkg-rust-maintainers@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 4 Apr 2024 19:57:02 UTC Severity: important Tags: securi ...

References

CWE-203https://access.redhat.com/security/cve/CVE-2024-3296https://bugzilla.redhat.com/show_bug.cgi?id=2269723https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068418https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook