CVE-2024-0202

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-208
View all →

Vulnerability Description

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate.

Related Vulnerabilities

CVE-2016-10535

MEDIUM
CVSS:5.9(Medium)

csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enab...

CWE-2082016

CVE-2019-13420

MEDIUM
CVSS:5.9(Medium)

Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.

CWE-2082019

CVE-2019-16782

MEDIUM
CVSS:5.9(Medium)

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions...

CWE-2082019

CVE-2019-9494

MEDIUM
CVSS:5.9(Medium)

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain ...

CWE-2082019

CVE-2020-1926

MEDIUM
CVSS:5.9(Medium)

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue ...

CWE-2082020

CVE-2021-4294

MEDIUM
CVSS:5.9(Medium)

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to ob...

CWE-2082021