Description
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | |
| esm-apps/bionic | ignored | backporting risks regression |
| esm-apps/focal | released | 3.7-3ubuntu0.1~esm2 |
| esm-apps/jammy | released | 3.9-1+deb11u1ubuntu0.1 |
| esm-apps/noble | released | 3.16-1ubuntu0.1~esm1 |
| esm-apps/xenial | ignored | backporting risks regression |
| focal | ignored | end of standard support, was needs-triage |
| jammy | released | 3.9-1+deb11u1ubuntu0.1 |
| mantic | ignored | end of life, was needs-triage |
| noble | needed | |
CVSS3: 5.9 Medium