CVE-2024-2236

ADVISORY - nist

Summary

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

EPSS Score⁠: 0.00222 (0.448)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-208⁠

Observable Timing Discrepancy

ADVISORY - redhat

CWE-208⁠

Observable Timing Discrepancy

CWE-385⁠

Covert Timing Channel

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.