The vulnerability of the Libgcrypt cryptographic library lies in the insufficient protection of service data due to timing differences, allowing attackers to execute the Bleichenbacher attack or the Marvin attack.

🗓️ 18 Mar 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Libgcrypt vulnerability due to timing-based data protection weaknesses enables remote Bleichenbacher or Marvin attacks.

Reporter	Title	Published	Views	Family All 100
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access	5 Jan 202600:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues	15 Apr 202503:13	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in multiple components affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products	30 Jun 202513:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	2 Sep 202514:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Base OS issues	2 Apr 202517:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak	21 Jan 202520:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Hyper Converged Database	21 Jan 202610:51	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities were discovered in IBM Application Gateway	4 Jun 202523:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to Kerberos 5, OpenSSL, libexpat, golang-jwt, and GnuPG Libgcrypt	6 Dec 202412:00	–	ibm
Tenable Nessus	Amazon Linux 2023 : libgcrypt, libgcrypt-devel (ALAS2023-2024-736)	14 Oct 202400:00	–	nessus

Vulners

Node

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

novell suse_linux_enterprise_serverMatch12-ltss

OR

novell suse_linux_enterprise_server_for_sap_applicationsMatch15

OR

novell suse_linux_enterprise_serverMatch15-ltss

OR

novell suse_linux_enterprise_server_for_sap_applicationsMatch12

OR

novell suse_linux_enterprise_desktopMatch12

OR

novell suse_linux_enterprise_serverMatch12

OR

novell suse_linux_enterprise_serverMatch15

OR

red_hat red_hat_enterprise_linuxMatch9

OR

novell suse_linux_enterprise_desktopMatch15

OR

fedora fedoraMatch41

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-2236
security-tracker	www.security-tracker.debian.org/tracker/CVE-2024-2236
suse	www.suse.com/ko-kr/security/cve/CVE-2024-2236.html
bodhi	www.bodhi.fedoraproject.org/updates/FEDORA-2024-9764fc1fc9
github	www.github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt
lists	www.lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024031137
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024031141
errata	www.errata.msvsphere-os.ru/definition/9/INFCSA-2024:9404

19 Nov 2025 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25.4

CVSS 35.9

EPSS0.01114

Libgcrypt vulnerability timing differences Bleichenbacher attack Marvin attack Remote attacker data protection