RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle

Impact RSACrypt::decryptWithRSA15 used by the RSA15 key-encryption algorithm implements RSAES-PKCS1-v15 decryption by inspecting the padding after RSADP and throwing InvalidArgumentException as soon as the padding is malformed. It does not implement the implicit-rejection countermeasure required ...

Astra Linux - уязвимость в php8.1, php7.3

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

Astra Linux - уязвимость в ruby2.5

A vulnerability was discovered in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

Astra Linux – Vulnerability in Node.js

Node.js versions that bundle a unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL that is also unpatched are vulnerable to the Marvin attack – https://people.redhat.com/hkario/marvin/. This vulnerability occurs when performing RSA decryption using a private key,...

MiracleLinux 8 : iperf3-3.5-10.el8_10 (AXSA:2024-8525:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8525:01 advisory. iperf3: possible denial of service CVE-2023-7250 iperf3: vulnerable to marvin attack if the authentication option is used CVE-2024-26306 Tenable has...

MiracleLinux 9 : libgcrypt-1.10.0-11.el9 (AXSA:2024-9141:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9141:01 advisory. libgcrypt: vulnerable to Marvin Attack CVE-2024-2236 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : iperf3-3.9-13.el9 (AXSA:2024-9259:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9259:02 advisory. iperf3: possible denial of service CVE-2023-7250,ESNET-SECADV-2023-0002 iperf3: vulnerable to marvin attack if the authentication option is used...

MGASA-2025-0287 Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

EUVD-2023-58486

Malicious code in bioql PyPI...

EUVD-2023-59133

Malicious code in bioql PyPI...

EUVD-2024-35858

Malicious code in bioql PyPI...

EUVD-2025-1595

Malicious code in bioql PyPI...

EUVD-2024-27360

Malicious code in bioql PyPI...

EUVD-2023-50975

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-50979

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypto++ aka cryptopp through 8.9.0 has a Marvin side channel during decryption with PKCS1 v1.5 padding. CVE-2023-50979 Note that Nessus relies on the presence ...

Malicious code in allocab-marvin (npm)

The package allocab-marvin was found to contain malicious code...

Malicious code in marvin-nodejs-sdk (npm)

The package marvin-nodejs-sdk was found to contain malicious code...

MAL-2025-25978 Malicious code in marvin-nodejs-sdk (npm)

The package marvin-nodejs-sdk was found to contain malicious code...

MAL-2025-14324 Malicious code in allocab-marvin (npm)

The package allocab-marvin was found to contain malicious code...