CVE-2024-2236

ADVISORY - debian

Summary

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

libgcrypt20 (unimportant; bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065683) https://bugzilla.redhat.com/show_bug.cgi?id=2268268 https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt https://people.redhat.com/~hkario/marvin/ https://dev.gnupg.org/T7136 https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17 Not in scope for libgcrypt security policy, work ongoing to add support in the protocol layer

EPSS Score⁠: 0.00163 (0.380)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-208⁠

Observable Timing Discrepancy

ADVISORY - redhat

CWE-208⁠

Observable Timing Discrepancy

CWE-385⁠

Covert Timing Channel

Impacted images

Advisories

Debian

CREATED

1 year ago

UPDATED

4 hours ago

ADVISORY IDCVE-2024-2236⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/libgcrypt20	deb	debian	12	>=1.10.1-3	Not yet available
debian/libgcrypt20	deb	debian	13	>=1.11.0-7	Not yet available
debian/libgcrypt20	deb	debian	unstable	>=1.11.0-7	Not yet available
debian/libgcrypt20	deb	debian	11	>=1.8.7-6	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

1 year ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-2236⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-208⁠

CVSS SCORE

5.9medium

Ubuntu

CREATED

1 year ago

UPDATED

6 days ago

ADVISORY IDCVE-2024-2236⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Alma

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDALSA-2024:9404⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY IDALAS2023-2024-736⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

1 year ago

UPDATED

4 months ago

ADVISORY IDCVE-2024-2236⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-208⁠CWE-385⁠

CVSS SCORE

5.9medium

Rocky

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDRLSA-2024:9404⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDELSA-2024-9404⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium