CVE-2024-0914
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2024
Last modified:
24/03/2026
Description
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:opencryptoki_project:opencryptoki:*:*:*:*:*:*:*:* | 3.23.0 (excluding) | |
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHSA-2024:1239
- https://access.redhat.com/errata/RHSA-2024:1411
- https://access.redhat.com/errata/RHSA-2024:1608
- https://access.redhat.com/errata/RHSA-2024:1856
- https://access.redhat.com/errata/RHSA-2024:1992
- https://access.redhat.com/security/cve/CVE-2024-0914
- https://bugzilla.redhat.com/show_bug.cgi?id=2260407
- https://people.redhat.com/~hkario/marvin/
- https://access.redhat.com/errata/RHSA-2024:1239
- https://access.redhat.com/errata/RHSA-2024:1411
- https://access.redhat.com/errata/RHSA-2024:1608
- https://access.redhat.com/errata/RHSA-2024:1856
- https://access.redhat.com/errata/RHSA-2024:1992
- https://access.redhat.com/security/cve/CVE-2024-0914
- https://bugzilla.redhat.com/show_bug.cgi?id=2260407
- https://people.redhat.com/~hkario/marvin/