Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

A timing side channel vulnerability in OpenSSL RSA decryption was discovered that could allow plaintext recovery. By measuring decryption time, an attacker could recover RSA plaintext from captured ciphertexts after a large number of decryption attempts. All RSA padding modes were affected. The...

OESA-2023-1431 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

OESA-2023-1430 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

F5 Networks BIG-IP : OpenSSL vulnerability (K000132943)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.5 / 17.1.1 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132943 advisory. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be...

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

QNAP QTS / QuTS hero Multiple Vulnerabilities in OpenSSL (QSA-23-15)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-15 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

AZL-31140 CVE-2022-4304 affecting package edk2 for versions less than 20230301gitf80f052277c8-42

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

AZL-13310 CVE-2022-4304 affecting package openssl for versions less than 1.1.1k-21

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...