Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
EUVD-2025-1595 | A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. |
Solution
No solution given by the vendor.
Workaround
See the following possible mitigations for this flaw: * Do not use the methods with PKCS#1v1.5 padding in network contexts. Make sure that any calls that happen, will perform OAEP decryption only. Do not support PKCS#1v1.5 encryption padding at all. * Use Ruby with a version of OpenSSL that has the implicit rejection mechanism implemented.(https://github.com/openssl/openssl/pull/13817, https://github.com/openssl/openssl/commit/7fc67e0a33102aa47bbaa56533eeecb98c0450f7 included in 3.2.0, backported to RHEL-8)
Fri, 21 Feb 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 13 Feb 2025 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 09 Jan 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 09 Jan 2025 04:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | |
Title | Ruby: openssl: ruby marvin attack | |
First Time appeared |
Redhat
Redhat enterprise Linux Redhat storage |
|
Weaknesses | CWE-385 | |
CPEs | cpe:/a:redhat:storage:3 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat storage |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-09-25T17:09:52.516Z
Reserved: 2025-01-07T11:23:31.713Z
Link: CVE-2025-0306

Updated: 2025-02-21T18:03:34.267Z

Status : Awaiting Analysis
Published: 2025-01-09T04:15:13.000
Modified: 2025-02-21T18:15:19.290
Link: CVE-2025-0306


No data.