CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

libgcrypt Security Vulnerabilities

Libgcrypt is a general-purpose cryptographic library based on the GnuPG code from the US GNU community. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, and public key algorithms. A security vulnerability exists in libgcrypt, which ste...

PT-2024-2174 · Libgcrypt +4 · Libgcrypt +4

Name of the Vulnerable Software and Affected Versions: libgcrypt affected versions not specified Description: A timing-based side-channel flaw was found in libgcrypt's RSA implementation, which may allow a remote attacker to initiate a Bleichenbacher-style attack. This can lead to the decryption ...

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:0732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0732-1 advisory. - A vulnerability in the privateDecrypt API of the crypto library, allowed a covert timing side-channel during PKCS1 v1.5 padding...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozilla-nss (SUSE-SU-2024:0597-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0597-1 advisory. - It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether...

SUSE SLES15 Security Update : mozilla-nss (SUSE-SU-2024:0579-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0579-1 advisory. - It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA...

SUSE SLES12 Security Update : mozilla-nss (SUSE-SU-2024:0578-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0578-1 advisory. - It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA...

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

PT-2024-2706

Name of the Vulnerable Software and Affected Versions: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched Description: The issue is related to the use of hidden side channels in the PrivateDecrypt function of th...

CVE-2024-0202

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

CVE-2024-0202

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

Security feature bypass

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

CVE-2024-0202 Cryptlib: rsa key exchange ciphersuites in tls vulnerable to marvin attack

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

Marvin Attack

jsrsasign is vulnerable to the Marvin Attack. The vulnerability is due to timing leakage in the bit size of raw RSA decryption. This flaw can provide a timing oracle, enabling a timing variant of the Bleichenbacher attack...

Amazon Linux AMI : nss-softokn (ALAS-2024-1907)

The version of nss-softokn installed on the remote host is prior to 3.53.1-6.49. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1907 advisory. It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of t...

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

Medium: nss

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

Medium: nss

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...