Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 931108 (CVE-2024-2467)

Summary: dev-perl/Crypt-OpenSSL-RSA: Marvin Attack vulnerability (side-channel)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: perl
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
Whiteboard: B4 [upstream]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-05-03 04:29:38 UTC 
"A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode."