Lucene search
RedhatCVELIST:CVE-2024-0914HistoryJan 31, 2024 - 4:53 a.m.
CVE-2024-0914 Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)
2024-01-3104:53:28
CWE-203
redhat
www.cve.org
1
opencryptoki
rsa
pkcs#1
side-channel
vulnerability
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.7%
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
CNA Affected
[
{
"versions": [
{
"status": "affected",
"version": "3.0.0",
"lessThan": "3.23.0",
"versionType": "semver"
}
],
"packageName": "opencryptoki",
"collectionURL": "https://github.com/opencryptoki/opencryptoki",
"defaultStatus": "unaffected"
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.21.0-10.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.17.0-6.el8_6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.19.0-3.el8_8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.21.0-9.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.19.0-3.el9_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
}
]References
access.redhat.com/errata/RHSA-2024:1239
access.redhat.com/errata/RHSA-2024:1411
access.redhat.com/errata/RHSA-2024:1608
access.redhat.com/errata/RHSA-2024:1856
access.redhat.com/errata/RHSA-2024:1992
access.redhat.com/security/cve/CVE-2024-0914
bugzilla.redhat.com/show_bug.cgi?id=2260407
people.redhat.com/~hkario/marvin/
Related
ubuntucve
ubuntucve
CVE-2024-0914
2024-01-31 00:00:00
prion
prion
Design/Logic Flaw
2024-01-31 05:15:00
rocky
rocky
opencryptoki security update
2024-04-05 14:55:53
nessus
nessus
RHEL 7 : opencryptoki (Unpatched Vulnerability)
2024-05-11 00:00:00
AlmaLinux 8 : opencryptoki (ALSA-2024:1608)
2024-04-03 00:00:00
RHEL 6 : opencryptoki (Unpatched Vulnerability)
2024-05-11 00:00:00
redhat
redhat
(RHSA-2024:1239) Moderate: opencryptoki security update
2024-03-07 20:29:07
(RHSA-2024:1992) Moderate: opencryptoki security update
2024-04-23 13:22:21
(RHSA-2024:1411) Moderate: opencryptoki security update
2024-03-19 16:35:22
debiancve
debiancve
CVE-2024-0914
2024-01-31 05:15:08
osv
osv
Moderate: opencryptoki security update
2024-04-05 14:55:53
Moderate: opencryptoki security update
2024-03-07 00:00:00
Moderate: opencryptoki security update
2024-04-02 00:00:00
mageia
mageia
Updated opencryptoki packages fix security vulnerability
2024-04-27 09:26:16
redos
redos
ROS-20240410-23
2024-04-10 00:00:00
oraclelinux
oraclelinux
opencryptoki security update
2024-03-08 00:00:00
opencryptoki security update
2024-04-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for openCryptoki (SUSE-SU-2024:1447-1)
2024-05-07 00:00:00
Mageia: Security Advisory (MGASA-2024-0152)
2024-04-29 00:00:00
almalinux
almalinux
Moderate: opencryptoki security update
2024-04-02 00:00:00
Moderate: opencryptoki security update
2024-03-07 00:00:00
nvd
nvd
CVE-2024-0914
2024-01-31 05:15:08
aix
aix
ibm
ibm
redhatcve
redhatcve
CVE-2024-0914
2024-01-25 22:49:32
cve
cve
CVE-2024-0914
2024-01-31 05:15:08
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.7%
Related for CVELIST:CVE-2024-0914