Lucene search

RedhatVULNRICHMENT:CVE-2024-2236

HistoryMar 06, 2024 - 10:07 p.m.

CVE-2024-2236 Libgcrypt: vulnerable to marvin attack

2024-03-0622:07:16

CWE-208

redhat

github.com

libgcrypt

marvin attack

timing-based

side-channel flaw

rsa implementation

decryption

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A timing-based side-channel flaw was found in libgcrypt’s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

References

access.redhat.com/security/cve/CVE-2024-2236

bugzilla.redhat.com/show_bug.cgi?id=2245218

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-2236