CVE-2025-0306

HIGH Year: 2025
CVSS v3 Score
7.4
High
Weakness Type
CWE-385
View all →

Vulnerability Description

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

Related Vulnerabilities

CVE-2023-46809

HIGH
CVSS:7.4(High)

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com...

CWE-3852023

CVE-2022-24409

HIGH
CVSS:7.5(High)

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance...

CWE-3852022

CVE-2024-25964

HIGH
CVSS:7.5(High)

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of servic...

CWE-3852024

CVE-2017-2624

HIGH
CVSS:7.0(High)

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xor...

CWE-3852017

CVE-2020-35164

HIGH
CVSS:8.1(High)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CWE-3852020

CVE-2018-10844

MEDIUM
CVSS:5.9(Medium)

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recove...

CWE-3852018