"A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=553f459ee65a119c7652e380beeecb788f8828a7 commit 553f459ee65a119c7652e380beeecb788f8828a7 Author: Sam James <sam@gentoo.org> AuthorDate: 2025-06-06 03:16:17 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-06-06 03:16:17 +0000 dev-perl/Crypt-OpenSSL-RSA: add 0.350.0 Bug: https://bugs.gentoo.org/931108 Signed-off-by: Sam James <sam@gentoo.org> .../Crypt-OpenSSL-RSA-0.350.0.ebuild | 38 ++++++++++++++++++++++ dev-perl/Crypt-OpenSSL-RSA/Manifest | 1 + 2 files changed, 39 insertions(+)
