Timing Attack Undermines XTS.NET Encryption
CVE-2024-11862

Currently unrated

Key Information:

Vendor: Devolutions
Status: Xts.net
Vendor: CVE Published:; 27 November 2024

What is CVE-2024-11862?

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks

Affected Version(s)

XTS.NET 0 < 2024.11.26

References

https://github.com/Devolutions/XTS.NET/security/advisorie...

Timeline

Vulnerability published
Nov 27, 2024
Vulnerability Reserved
Nov 27, 2024

Credit

Zer0x64 (Philippe Dugré)