NuytsTech Security

CVE-2024-0914

by ·

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.

More information : https://access.redhat.com/errata/RHSA-2024:1239

Attack vector : NETWORK
Attack complexity : HIGH
Privileges required : NONE
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : NONE
Base score : 5.9
Base severity : MEDIUM
Exploitability score : 2.2
Impact score : 3.6

Tags: