Metrics
Affected Vendors & Products
| Source | ID | Title | 
|---|---|---|
|  EUVD | EUVD-2025-1595 | A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | 
Solution
No solution given by the vendor.
Workaround
See the following possible mitigations for this flaw: * Do not use the methods with PKCS#1v1.5 padding in network contexts. Make sure that any calls that happen, will perform OAEP decryption only. Do not support PKCS#1v1.5 encryption padding at all. * Use Ruby with a version of OpenSSL that has the implicit rejection mechanism implemented.(https://github.com/openssl/openssl/pull/13817, https://github.com/openssl/openssl/commit/7fc67e0a33102aa47bbaa56533eeecb98c0450f7 included in 3.2.0, backported to RHEL-8)
Fri, 21 Feb 2025 18:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Thu, 13 Feb 2025 00:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity 
 | threat_severity 
 | 
Thu, 09 Jan 2025 17:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Thu, 09 Jan 2025 04:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | |
| Title | Ruby: openssl: ruby marvin attack | |
| First Time appeared | Redhat Redhat enterprise Linux Redhat storage | |
| Weaknesses | CWE-385 | |
| CPEs | cpe:/a:redhat:storage:3 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 | |
| Vendors & Products | Redhat Redhat enterprise Linux Redhat storage | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-10-31T07:12:37.656Z
Reserved: 2025-01-07T11:23:31.713Z
Link: CVE-2025-0306
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-02-21T18:03:34.267Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2025-01-09T04:15:13.000
Modified: 2025-02-21T18:15:19.290
Link: CVE-2025-0306
 Redhat
                        Redhat
                     OpenCVE Enrichment
                        OpenCVE Enrichment
                    No data.