PT-2024-5167 · Unknown+3 · Perl-Crypt-Openssl-Rsa+3

Hubert Kario +1 · Published 2024-03-12 · Updated 2026-02-25 · CVE-2024-2467

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: perl-Crypt-OpenSSL-RSA (affected versions not specified)
Description: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Side Channel Attack

Weakness Enumeration

Related Identifiers

AZL-43687
AZL-44739
BDU:2024-05718
CVE-2024-2467
MGASA-2025-0287
OESA-2025-1673
OESA-2025-2001
OPENSUSE-SU-2025:15199-1
SUSE-SU-2025:01884-1
SUSE-SU-2025:01887-1
SUSE-SU-2025_01884-1
SUSE-SU-2025_01887-1

Affected Products

Debian
Red Os
Suse
Perl-Crypt-Openssl-Rsa