Описание
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ruby3.3 | not-affected | package | ||
| ruby3.2 | removed | package | ||
| ruby3.1 | fixed | 3.1.2-8.4 | package | |
| ruby3.1 | ignored | bookworm | package | |
| ruby2.7 | removed | package | ||
| ruby2.7 | ignored | bullseye | package |
Примечания
First upload of OpenSSL 3.2 to unstable was 3.2.1-3 on 04 Apr 2024
https://bugzilla.redhat.com/show_bug.cgi?id=2336100
https://people.redhat.com/~hkario/marvin/
Using OpenSSL/3.2.0 or later does not guarantee to mitigate the issue in all
cases, but at least when using the default provider. It will be always up to
the application to properly defend against this attack vector.
EPSS
Связанные уязвимости
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.
EPSS