CVE-2024-2236
Published: 6 March 2024
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Notes
| Author | Note |
|---|---|
| mdeslaur | No upstream fix for this issue as of 2024-07-18 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libgcrypt11 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| noble |
Does not exist
|
|
| trusty |
Deferred
(2024-07-18)
|
|
| upstream |
Needs triage
|
|
|
libgcrypt20 Launchpad, Ubuntu, Debian |
bionic |
Deferred
(2024-07-18)
|
| focal |
Deferred
(2024-07-18)
|
|
| jammy |
Deferred
(2024-07-18)
|
|
| mantic |
Ignored
(end of life, was deferred [2024-07-18])
|
|
| noble |
Deferred
(2024-07-18)
|
|
| upstream |
Needs triage
|
|
| xenial |
Deferred
(2024-07-18)
|