A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
References
Configurations
History
25 Apr 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Apr 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Apr 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Mar 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Mar 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Feb 2024, 01:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
CWE | CWE-203 | |
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:opencryptoki_project:opencryptoki:*:*:*:*:*:*:*:* |
|
First Time |
Opencryptoki Project opencryptoki
Redhat enterprise Linux Redhat Opencryptoki Project |
|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2260407 - Issue Tracking, Patch | |
References | () https://people.redhat.com/~hkario/marvin/ - Third Party Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2024-0914 - Third Party Advisory |
31 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 05:15
Updated : 2024-04-25 17:15
NVD link : CVE-2024-0914
Mitre link : CVE-2024-0914
CVE.ORG link : CVE-2024-0914
JSON object : View
Products Affected
opencryptoki_project
- opencryptoki
redhat
- enterprise_linux
CWE
CWE-203
Observable Discrepancy