2245218 – (CVE-2024-2236) CVE-2024-2236 libgcrypt: vulnerable to Marvin Attack

Bug 2245218 (CVE-2024-2236) - CVE-2024-2236 libgcrypt: vulnerable to Marvin Attack

Summary: CVE-2024-2236 libgcrypt: vulnerable to Marvin Attack

Keywords:
Status:	NEW
Alias:	CVE-2024-2236
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2268268 (view as bug list)
Depends On:	2274128 2274129
Blocks:	2245213
TreeView+	depends on / blocked

Reported:	2023-10-20 07:00 UTC by Dhananjay Arunesh
Modified:	2024-04-30 15:27 UTC (History)
CC List:	25 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2023-10-20 07:00:57 UTC

Libgcrypt is vulnerable to the Marvin attack.

Comment 8 Robb Gatica 2024-03-08 00:42:53 UTC

*** Bug 2268268 has been marked as a duplicate of this bug. ***

Comment 12 Dhananjay Arunesh 2024-04-09 09:41:17 UTC

Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 2274128]


Created mingw-libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 2274129]

Note You need to log in before you can comment on or make changes to this bug.

bdettelb
caswilli
dfreiber
dhalasz
drow
fjansen
hkario
hkataria
jburrell
jjelen
jsamir
kaycoth
kshier
omaciel
orabin
psegedy
rgatica
security-response-team
sidakwo
ssorce
sthirugn
tcarlin
vkrizan
vkumar
vmugicag