Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-2236

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

Libgcrypt: timing based side-channel in rsa implementation

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

References

https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
RHSA-2025:3530 x_refsource_REDHAT vendor-advisory
RHSA-2025:3534 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
RHSA-2025:3530 x_refsource_REDHAT vendor-advisory
RHSA-2025:3534 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
RHSA-2025:3530 x_refsource_REDHAT vendor-advisory
RHSA-2025:3534 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
RHSA-2025:3530 x_refsource_REDHAT vendor-advisory
RHSA-2025:3534 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
RHSA-2025:3530 x_refsource_REDHAT vendor-advisory
RHSA-2025:3534 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred
RHSA-2025:3534 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry
RHBZ#2245218 issue-tracking x_refsource_REDHAT
RHSA-2024:9404 x_refsource_REDHAT vendor-advisory
RHSA-2025:3530 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-2236 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2245218 issue-tracking x_refsource_REDHAT x_transferred
RHBZ#2268268 issue-tracking x_refsource_REDHAT x_transferred

Affected products

upstream

libgcrypt

<9.4.0
*

mingw-libgcrypt

Matching in nixpkgs

pkgs.libgcrypt

General-purpose cryptographic library

nixos-unstable -
- nixpkgs-unstable 1.11.1

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libgcrypt