Lucene search
HistoryJan 31, 2024 - 5:15 a.m.
CVE-2024-0914
cve-2024-0914
timing
side-channel
vulnerability
opencryptoki
rsa
pkcs#1 v1.5
ciphertext
decryption
signing
nvd
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.8%
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Affected configurations
Node
opencryptoki_projectopencryptokiRange<3.23.0
Node
redhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| opencryptoki_project:opencryptoki | opencryptoki project opencryptoki | lt | 3.23.0 |
CNA Affected
[
{
"versions": [
{
"status": "affected",
"version": "3.0.0",
"lessThan": "3.23.0",
"versionType": "semver"
}
],
"packageName": "opencryptoki",
"collectionURL": "https://github.com/opencryptoki/opencryptoki",
"defaultStatus": "unaffected"
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.21.0-10.el8_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.17.0-6.el8_6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.19.0-3.el8_8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.21.0-9.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.19.0-3.el9_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "opencryptoki",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
}
]References
access.redhat.com/errata/RHSA-2024:1239
access.redhat.com/errata/RHSA-2024:1411
access.redhat.com/errata/RHSA-2024:1608
access.redhat.com/errata/RHSA-2024:1856
access.redhat.com/errata/RHSA-2024:1992
access.redhat.com/security/cve/CVE-2024-0914
bugzilla.redhat.com/show_bug.cgi?id=2260407
people.redhat.com/~hkario/marvin/
Related
prion
prion
Design/Logic Flaw
2024-01-31 05:15:00
rocky
rocky
opencryptoki security update
2024-04-05 14:55:53
nessus
nessus
RHEL 7 : opencryptoki (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : opencryptoki (Unpatched Vulnerability)
2024-05-11 00:00:00
AlmaLinux 8 : opencryptoki (ALSA-2024:1608)
2024-04-03 00:00:00
redhat
redhat
(RHSA-2024:1239) Moderate: opencryptoki security update
2024-03-07 20:29:07
(RHSA-2024:1992) Moderate: opencryptoki security update
2024-04-23 13:22:21
(RHSA-2024:1411) Moderate: opencryptoki security update
2024-03-19 16:35:22
debiancve
debiancve
CVE-2024-0914
2024-01-31 05:15:08
ubuntucve
ubuntucve
CVE-2024-0914
2024-01-31 00:00:00
osv
osv
Moderate: opencryptoki security update
2024-04-05 14:55:53
Moderate: opencryptoki security update
2024-03-07 00:00:00
Moderate: opencryptoki security update
2024-04-02 00:00:00
mageia
mageia
Updated opencryptoki packages fix security vulnerability
2024-04-27 09:26:16
redos
redos
ROS-20240410-23
2024-04-10 00:00:00
oraclelinux
oraclelinux
opencryptoki security update
2024-03-08 00:00:00
opencryptoki security update
2024-04-03 00:00:00
nvd
nvd
CVE-2024-0914
2024-01-31 05:15:08
ibm
ibm
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0152)
2024-04-29 00:00:00
openSUSE: Security Advisory for openCryptoki (SUSE-SU-2024:1447-1)
2024-05-07 00:00:00
redhatcve
redhatcve
CVE-2024-0914
2024-01-25 22:49:32
aix
aix
almalinux
almalinux
Moderate: opencryptoki security update
2024-03-07 00:00:00
Moderate: opencryptoki security update
2024-04-02 00:00:00
cvelist
cvelist
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.8%
Related for CVE-2024-0914