CVE-2024-0914

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions opencryptoki (affected versions not specified)

Description A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. The vulnerability may allow a remote attacker to obtain sensitive information and use it to launch further attacks against the affected system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-385

Related Identifiers

ALSA-2024:1239

ALSA-2024:1608

AZL-34206

AZL-36965

BDU:2024-02839

CESA-2024_1608

CVE-2024-0914

MGASA-2024-0152

OESA-2026-1322

OPENSUSE-SU-2024:14195-1

OPENSUSE-SU-2024_1447-1

RHSA-2024:1239

RHSA-2024:1411

RHSA-2024:1608

RHSA-2024:1856

RHSA-2024:1992

RHSA-2024_1239

RHSA-2024_1608

RLSA-2024:1608

SUSE-SU-2024:1447-1

SUSE-SU-2024:2298-1

SUSE-SU-2024_1447-1

SUSE-SU-2024_2298-1

Affected Products

Almalinux

Centos

Debian

Ibm Aix

Red Hat

Red Os

Rocky Linux

Suse

Opencryptoki

CVE-2024-0914

Weakness Enumeration

Related Identifiers

Affected Products

References · 60