Lucene search
K

84 matches found

RedHat Linux
RedHat Linux
added 2024/07/22 1:12 a.m.5 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2024/06/05 10:5 a.m.2 views

SUSE CVE-2024-1394

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That function...

7.5CVSS7.5AI score0.01533EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/05/23 3:28 p.m.5 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 7 : perl-crypt-openssl-rsa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS1 v1.5 padding mode Marvin Attack CVE-2024-2467 Note that Nessus...

5.8AI score0.00516EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.19 views

RHEL 6 : perl-crypt-openssl-rsa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - perl-Crypt-OpenSSL-RSA: side-channel attack in PKCS1 v1.5 padding mode Marvin Attack CVE-2024-2467 Note that Nessus...

5.8AI score0.00516EPSS
Exploits0References1
NVD
NVD
added 2024/04/25 5:15 p.m.19 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.4AI score0.00516EPSS
Exploits0References4
OSV
OSV
added 2024/04/25 5:15 p.m.3 views

DEBIAN-CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.9AI score0.00516EPSS
Exploits0References1
OSV
OSV
added 2024/04/25 5:15 p.m.6 views

AZL-44739 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.33-1

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.2AI score0.00516EPSS
Exploits0References1
OSV
OSV
added 2024/04/25 5:15 p.m.23 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.3AI score0.00516EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/04/25 5:15 p.m.256 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.2AI score0.00516EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/25 4:45 p.m.81 views

CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.6AI score0.00516EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/25 4:45 p.m.280 views

CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.4AI score0.00516EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.2 views

Crypt-OpenSSL-RSA 安全漏洞

Crypt-OpenSSL-RSA is a library by the individual developer Todd Rinaldo. Crypt-OpenSSL-RSA suffers from a security vulnerability that stems from the presence of a timing-based side-channel flaw that is sufficient to recover plaintext over the network in a Bleichenbacher-style attack...

5.9CVSS6.8AI score0.00516EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/02 9:57 p.m.8 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.4 views

PT-2024-5167

Name of the Vulnerable Software and Affected Versions: perl-Crypt-OpenSSL-RSA affected versions not specified Description: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attac...

7.1CVSS5.7AI score0.00516EPSS
Exploits0References38
Amazon
Amazon
added 2023/07/25 12:0 a.m.4 views

Important: openssl-snapsafe

Issue Overview: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number o...

7.5CVSS6.8AI score0.73461EPSS
Exploits0
OSV
OSV
added 2023/07/15 11:5 a.m.3 views

OESA-2023-1430 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

5.9CVSS8.8AI score0.16195EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.31 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/05 2:16 p.m.4 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

5.9CVSS6.7AI score0.16195EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/05/20 12:0 a.m.53 views

AlmaLinux 8 : edk2 (ALSA-2023:2932)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
Rows per page
Query Builder