Timing Variant of Bleichenbacher Attack Affects Cryptlib Cryptographic Library
CVE-2024-0202

5.9MEDIUM

Key Information:

Vendor: Fedora
Status: cryptlib; Extra Packages for Enterprise Linux; Fedora
Vendor: CVE Published:; 5 February 2024

What is CVE-2024-0202?

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate.

Affected Version(s)

cryptlib 3.4.7

References

https://bugzilla.redhat.com/show_bug.cgi?id=2256518

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Jan 2, 2024

Credit

This issue was discovered by Hubert Kario (Red Hat).

Fedora

What is CVE-2024-0202?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit