Description
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Report
An attacker would have to be able to send a large number of trial messages to achieve successful decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP, and RSASVE.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libgcrypt | Not affected | ||
| Red Hat Enterprise Linux 6 | libgcrypt | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libgcrypt | Affected | ||
| Red Hat Enterprise Linux 8 | libgcrypt | Affected | ||
| Red Hat Enterprise Linux 9 | libgcrypt | Fixed | RHSA-2024:9404 | 12.11.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | libgcrypt | Fixed | RHSA-2025:3534 | 02.04.2025 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | libgcrypt | Fixed | RHSA-2025:3530 | 02.04.2025 |
Additional information
Status:
5.9 Medium
CVSS3