A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
References
Configurations
No configuration.
History
05 Apr 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
Summary | (en) A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. |
04 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-04 14:15
Updated : 2024-04-05 12:15
NVD link : CVE-2024-3296
Mitre link : CVE-2024-3296
CVE.ORG link : CVE-2024-3296
JSON object : View
Products Affected
No product.
CWE
CWE-203
Observable Discrepancy