CVE-2024-2467

2024-04-2517:15:49

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-2467 cryptography unix openssl

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.1%

JSON

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

OSVersionArchitecturePackageVersionFilename
Debian12alllibcrypt-openssl-rsa-perl<= 0.33-3libcrypt-openssl-rsa-perl_0.33-3_all.deb
Debian11alllibcrypt-openssl-rsa-perl<= 0.31-1libcrypt-openssl-rsa-perl_0.31-1_all.deb
Debian10alllibcrypt-openssl-rsa-perl<= 0.31-1libcrypt-openssl-rsa-perl_0.31-1_all.deb
Debian999alllibcrypt-openssl-rsa-perl<= 0.33-3libcrypt-openssl-rsa-perl_0.33-3_all.deb
Debian13alllibcrypt-openssl-rsa-perl<= 0.33-3libcrypt-openssl-rsa-perl_0.33-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libcrypt-openssl-rsa-perl	<= 0.33-3	libcrypt-openssl-rsa-perl_0.33-3_all.deb
Debian	11	all	libcrypt-openssl-rsa-perl	<= 0.31-1	libcrypt-openssl-rsa-perl_0.31-1_all.deb
Debian	10	all	libcrypt-openssl-rsa-perl	<= 0.31-1	libcrypt-openssl-rsa-perl_0.31-1_all.deb
Debian	999	all	libcrypt-openssl-rsa-perl	<= 0.33-3	libcrypt-openssl-rsa-perl_0.33-3_all.deb
Debian	13	all	libcrypt-openssl-rsa-perl	<= 0.33-3	libcrypt-openssl-rsa-perl_0.33-3_all.deb