NuytsTech Security

CVE-2024-0202

by ·

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server’s certificate.

More information : https://bugzilla.redhat.com/show_bug.cgi?id=2256518

Attack vector : NETWORK
Attack complexity : HIGH
Privileges required : NONE
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : NONE
Base score : 5.9
Base severity : MEDIUM
Exploitability score : 2.2
Impact score : 3.6

Tags: