A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-04T13:47:24.183Z
Updated: 2024-08-01T20:05:08.371Z
Reserved: 2024-04-04T03:01:36.169Z
Link: CVE-2024-3296
Vulnrichment
Updated: 2024-08-01T20:05:08.371Z
NVD
Status : Awaiting Analysis
Published: 2024-04-04T14:15:11.080
Modified: 2024-04-05T12:15:37.777
Link: CVE-2024-3296
Redhat