CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

CVSS

No CVSS.

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-3296
https://bugzilla.redhat.com/show_bug.cgi?id=2269723

Configurations

No configuration.

History

05 Apr 2024, 12:15

Type	Values Removed	Values Added
Summary	A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.	A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

04 Apr 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-04 14:15

Updated : 2024-04-05 12:15

NVD link : CVE-2024-3296

Mitre link : CVE-2024-3296

JSON object : View

Products Affected

No product.

CWE

CWE-203

Observable Discrepancy

JSON object

Attach tags to CVE-2024-3296

Attach tags to `CVE-2024-3296`