Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-26306
HistoryMay 14, 2024 - 12:00 a.m.

CVE-2024-26306

2024-05-1400:00:00
ubuntu.com
ubuntu.com
1
iperf3
openssl
rsa
timing side channel
authentication
plaintext
timing attack

6.8 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with
RSA authentication, allows a timing side channel in RSA decryption
operations. This side channel could be sufficient for an attacker to
recover credential plaintext. It requires the attacker to send a large
number of messages for decryption, as described in “Everlasting ROBOT: the
Marvin Attack” by Hubert Kario.

6.8 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%