Vulnerability Details CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.6%
CVSS Severity
CVSS v3 Score 5.9
References
- https://access.redhat.com/errata/RHSA-2024:1239
- https://access.redhat.com/errata/RHSA-2024:1411
- https://access.redhat.com/errata/RHSA-2024:1608
- https://access.redhat.com/errata/RHSA-2024:1856
- https://access.redhat.com/errata/RHSA-2024:1992
- https://access.redhat.com/security/cve/CVE-2024-0914
- https://bugzilla.redhat.com/show_bug.cgi?id=2260407
- https://people.redhat.com/~hkario/marvin/
- https://access.redhat.com/errata/RHSA-2024:1239
- https://access.redhat.com/errata/RHSA-2024:1411
- https://access.redhat.com/errata/RHSA-2024:1608
- https://access.redhat.com/errata/RHSA-2024:1856
- https://access.redhat.com/errata/RHSA-2024:1992
- https://access.redhat.com/security/cve/CVE-2024-0914
- https://bugzilla.redhat.com/show_bug.cgi?id=2260407
- https://people.redhat.com/~hkario/marvin/
Products affected by CVE-2024-0914
-
cpe:2.3:a:opencryptoki_project:opencryptoki:-
-
cpe:2.3:a:opencryptoki_project:opencryptoki:2.3.2
-
cpe:2.3:a:opencryptoki_project:opencryptoki:2.3.3
-
cpe:2.3:a:opencryptoki_project:opencryptoki:2.4.2
-
cpe:2.3:a:opencryptoki_project:opencryptoki:2.4.3
-
cpe:2.3:a:opencryptoki_project:opencryptoki:2.4.3.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.10.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.11.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.11.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.12.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.12.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.13.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.14.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.15.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.15.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.16.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.17.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.18.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.19.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.2
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.20.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.21.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.22.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.3
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.4
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.4.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.5
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.6
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.6.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.6.2
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.7.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.8.0
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.8.1
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.8.2
-
cpe:2.3:a:opencryptoki_project:opencryptoki:3.9.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0