CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl (CVE-2022-4304)

The version of cloud-hypervisor / edk2 / hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption...

Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2022-4304)

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

A timing side channel vulnerability in OpenSSL RSA decryption was discovered that could allow plaintext recovery. By measuring decryption time, an attacker could recover RSA plaintext from captured ciphertexts after a large number of decryption attempts. All RSA padding modes were affected. The...

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (c8eb4c40-47bd-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c8eb4c40-47bd-11ee-8e38-002590c1f29c advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could ...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2023:2623-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2623-1 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a...

EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2023-2075)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2023-2001)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

AlmaLinux 8 : edk2 (ALSA-2023:2932)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2023-1960)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

CentOS 8 : edk2 (CESA-2023:2932)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

AlmaLinux 9 : edk2 (ALSA-2023:2165)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2165 advisory. - Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. CVE-2021-38578 - A timing based side channel exists in t...

Rocky Linux 8 : openssl (RLSA-2023:1405)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2023:0581-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0581-1 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a...

Fedora 36 : openssl (2023-a5564c0a3f)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a5564c0a3f advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...

Fedora 37 : openssl (2023-57f33242bc)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-57f33242bc advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

CVE-2022-4304 Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

Amazon Linux AMI : openssl (ALAS-2023-1683)

The version of openssl installed on the remote host is prior to 1.0.2k-16.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1683 advisory. A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover...

CVE-2022-4304

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...