TencentOS Server 4: perl-Crypt-OpenSSL-RSA (TSSA-2025:0464)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0464 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via discrepancies in processing invalid padding errors in legacy API mbedtlsciphercrypt and mbedtlscipherfinish functions and in the PSA Crypto API psacipherdecrypt and psacipherfinish functions when handling any other...

AZL-44739 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.33-1

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

AZL-43687 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.31-6

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

UBUNTU-CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

UBUNTU-CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...