CVE-2024-0914

CVSS V2 None CVSS V3 None
Description
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Overview
  • CVE ID
  • CVE-2024-0914
  • Assigner
  • redhat
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-01-31T04:53:28.508Z
  • Last Modified Date
  • 2024-05-01T20:21:49.596Z
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2024:1239 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1411 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1608 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1856 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1992 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-0914 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2260407 issue-tracking x_refsource_REDHAT
https://people.redhat.com/~hkario/marvin/
History
Created Old Value New Value Data Type Notes
2024-06-26 10:09:58 Added to TrackCVE