CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

🗓️ 25 Apr 2024 16:45:02Reported by redhatType

CVE-2024-2467 Perl-crypt-openssl-rsa side-channel attack in pkcs#1 v1.5 padding mod

Reporter	Title	Published	Views	Family All 45
Tenable Nessus	Amazon Linux 2 : perl-Crypt-OpenSSL-RSA (ALAS-2025-2942)	31 Jul 202500:00	–	nessus
Tenable Nessus	Fedora 41 : perl-Crypt-OpenSSL-RSA (2025-043b7fdbaf)	27 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 42 : perl-Crypt-OpenSSL-RSA (2025-52b352c9cd)	26 Jun 202500:00	–	nessus
Tenable Nessus	RHEL 6 : perl-crypt-openssl-rsa (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 7 : perl-crypt-openssl-rsa (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : perl-Crypt-OpenSSL-RSA (SUSE-SU-2025:01884-1)	27 Jun 202500:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : perl-Crypt-OpenSSL-RSA (SUSE-SU-2025:01887-1)	27 Jun 202500:00	–	nessus
Tenable Nessus	TencentOS Server 4: perl-Crypt-OpenSSL-RSA (TSSA-2025:0464)	20 Nov 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-2467	5 Mar 202500:00	–	nessus
Amazon	Medium: perl-Crypt-OpenSSL-RSA	30 Jul 202500:00	–	amazon

[
  {
    "packageName": "perl-Crypt-OpenSSL-RSA",
    "collectionURL": "https://github.com/toddr/Crypt-OpenSSL-RSA",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "perl-Crypt-OpenSSL-RSA",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "perl-Crypt-OpenSSL-RSA",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "perl-Crypt-OpenSSL-RSA",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "perl-Crypt-OpenSSL-RSA",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
people	www.people.redhat.com/~hkario/marvin/
access	www.access.redhat.com/security/cve/CVE-2024-2467
github	www.github.com/toddr/Crypt-OpenSSL-RSA/issues/42
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

25 Feb 2026 19:31Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.9

EPSS0.00068

CWE-208