6 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-2408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is...
DEBIAN-CVE-2024-2408
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
CVE-2024-2408
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
CVE-2024-2408
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
CVE-2024-2408 PHP is vulnerable to the Marvin Attack
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
CVE-2024-2408
CVE-2024-2408 affects PHP’s openssl_private_decrypt with PKCS1 padding; requires OpenSSL 3.2+ (rsa_pkcs1_implicit_rejection) to mitigate the Marvin Attack. Several connected sources confirm patches exist in PHP Windows builds (8.1.29, 8.2.20, 8.3.8+) and OpenSSL backports across distributions. Re...