Sign In

CVE-2024-2236

ADVISORY - ubuntu

Summary

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

EPSS Score: 0.00684 (0.721)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-385

Covert Timing Channel

ADVISORY - redhat

CWE-208

Observable Timing Discrepancy

CWE-385

Covert Timing Channel

Impacted images

Advisories

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2024-2236
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow
PackageTypeOS NameOS VersionAffected RangesFix Versions
ubuntu/libgcrypt20debubuntu24.04>=0Not yet available
ubuntu/libgcrypt11debubuntu14.04>=0Not yet available
ubuntu/libgcrypt20debubuntu23.10>=0Not yet available
ubuntu/libgcrypt20debubuntu24.10>=0Not yet available
ubuntu/libgcrypt20debubuntu22.04>=0Not yet available
ubuntu/libgcrypt20debubuntu20.04>=0Not yet available
ubuntu/libgcrypt20debubuntu25.04>=0Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

UPDATED

ADVISORY IDCVE-2024-2236
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-385

CVSS SCORE

5.9medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2024-2236
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Alma

CREATED

UPDATED

ADVISORY IDALSA-2024:9404
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

UPDATED

ADVISORY IDALAS2023-2024-736
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2024-2236
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-208CWE-385

CVSS SCORE

5.9medium

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2024:9404
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2024-9404
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-3v4g-fgjq-33xp

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY