INFSA-2024:9404: libgcrypt security update
Information about definition
Identificator: INFSA-2024:9404
Type: security
Release date: 2024-12-13 11:43:38 UTC
Information about package
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.
Vulnerabilities description
- CVE-2024-2236
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-2236
|
no information | 5.9 | no information |
Updated packages