CVE-2024-3296

Опубликовано: 04 апр. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 5.9

Описание

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
mantic	ignored	end of life, was needs-triage
noble	needs-triage
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 24%

0.00079

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2024-3296

CVSS3: 5.9

redhat

почти 2 года назад

CVE-2024-3296

CVSS3: 5.9

nvd

почти 2 года назад

CVE-2024-3296

CVSS3: 5.9

debian

почти 2 года назад

A timing-based side-channel flaw exists in the rust-openssl package, w ...

GHSA-w322-w9fv-rx3m

CVSS3: 5.9

github

почти 2 года назад

A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

EPSS

Процентиль: 24%

0.00079

Низкий

5.9 Medium

CVSS3

CVE-2024-3296

Описание

Пакет rust-openssl

Ссылки на источники

Связанные уязвимости