Описание
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libcrypt-openssl-rsa-perl | fixed | 0.35-1 | package | |
| libcrypt-openssl-rsa-perl | no-dsa | bookworm | package | |
| libcrypt-openssl-rsa-perl | no-dsa | bullseye | package | |
| libcrypt-openssl-rsa-perl | postponed | buster | package |
Примечания
https://people.redhat.com/~hkario/marvin/
https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
Fixed by: https://github.com/cpan-authors/Crypt-OpenSSL-RSA/commit/f986c31575f41107bfe66610cdf922d6858a36be (0.35)
Связанные уязвимости
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
