2245218 – (CVE-2024-2236) CVE-2024-2236 libgcrypt: vulnerable to Marvin Attack

Bug 2245218 (CVE-2024-2236) - CVE-2024-2236 libgcrypt: vulnerable to Marvin Attack

Summary: CVE-2024-2236 libgcrypt: vulnerable to Marvin Attack

Keywords:
Status:	NEW
Alias:	CVE-2024-2236
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2268268 (view as bug list)
Depends On:	2274128 2274129
Blocks:	2245213
TreeView+	depends on / blocked

Reported:	2023-10-20 07:00 UTC by Dhananjay Arunesh
Modified:	2025-04-08 18:59 UTC (History)
CC List:	34 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2025:3633	None	None	None	2025-04-07 13:40:00 UTC
Red Hat Product Errata	RHBA-2025:3708	None	None	None	2025-04-08 18:59:13 UTC
Red Hat Product Errata	RHSA-2024:9404	None	None	None	2024-11-12 10:34:32 UTC
Red Hat Product Errata	RHSA-2025:3530	None	None	None	2025-04-02 14:46:24 UTC
Red Hat Product Errata	RHSA-2025:3534	None	None	None	2025-04-02 15:05:48 UTC

Description Dhananjay Arunesh 2023-10-20 07:00:57 UTC

Libgcrypt is vulnerable to the Marvin attack.

Comment 8 Robb Gatica 2024-03-08 00:42:53 UTC

*** Bug 2268268 has been marked as a duplicate of this bug. ***

Comment 12 Dhananjay Arunesh 2024-04-09 09:41:17 UTC

Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 2274128]


Created mingw-libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 2274129]

Comment 18 Jakub Jelen 2024-08-07 08:18:35 UTC

Hi,
adding a summary of this CVE and links that need to be updated to the CVE listing:

 * The upstream issue tracking this vulnerability: https://dev.gnupg.org/T7136
 * The patches fixing this are available in our gitlab mirror: https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/19

Comment 19 errata-xmlrpc 2024-11-12 10:34:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9404 https://access.redhat.com/errata/RHSA-2024:9404

Comment 21 errata-xmlrpc 2025-04-02 14:46:21 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:3530 https://access.redhat.com/errata/RHSA-2025:3530

Comment 22 errata-xmlrpc 2025-04-02 15:05:45 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:3534 https://access.redhat.com/errata/RHSA-2025:3534

Note You need to log in before you can comment on or make changes to this bug.

bdettelb
caswilli
dfreiber
doconnor
drow
fjansen
hkario
hkataria
jburrell
jdobes
jjelen
jsamir
jvasik
kaycoth
kholdawa
kshier
lcouzens
mskarbek
oezr
omaciel
orabin
psegedy
rblanco
rgatica
sbroz
security-response-team
sidakwo
ssorce
sthirugn
tcarlin
teagle
vkrizan
vkumar
vmugicag