CVE-2024-0914 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-0914

CVE-2024-0914

January 31, 2024

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.

Related Resources (9)

https://people.redhat.com/~hkario/marvin/

https://access.redhat.com/errata/RHSA-2024:1411

https://access.redhat.com/errata/RHSA-2024:1992

https://bugzilla.redhat.com/show_bug.cgi?id=2260407

https://access.redhat.com/errata/RHSA-2024:1856

https://security-tracker.debian.org/tracker/CVE-2024-0914

https://access.redhat.com/errata/RHSA-2024:1239

https://access.redhat.com/errata/RHSA-2024:1608

https://access.redhat.com/security/cve/CVE-2024-0914

Do you need more information?

CVSS v4

Base Score:

8.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Observable Discrepancy

CWE-203

EPSS

Base Score:

0.23

Products

Solutions

Resources

Company

Compare

Developer Tools