CVE-2024-2236

Publication date 6 March 2024

Last updated 25 November 2024


Ubuntu priority

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.


Why is this CVE low priority?

libgcrypt developers consider this to be a low severity issue.


Status

Package      Ubuntu Release    Status
libgcrypt11  24.10 oracular    Not in release
libgcrypt11  24.04 LTS noble   Not in release
libgcrypt11  23.10 mantic      Not in release
libgcrypt11  22.04 LTS jammy   Not in release
libgcrypt11  20.04 LTS focal   Not in release
libgcrypt11  14.04 LTS trusty  Ignored end of ESM support, was deferred
libgcrypt20  24.10 oracular    Vulnerable, fix deferred
libgcrypt20  24.04 LTS noble   Vulnerable, fix deferred
libgcrypt20  23.10 mantic      Ignored end of life, was deferred [2024-09-19]
libgcrypt20  22.04 LTS jammy   Vulnerable, fix deferred
libgcrypt20  20.04 LTS focal   Vulnerable, fix deferred
libgcrypt20  18.04 LTS bionic  Vulnerable, fix deferred
libgcrypt20  16.04 LTS xenial  Vulnerable, fix deferred

Notes


mdeslaur

No upstream fix for this issue as of 2024-11-25.
libgcrypt developers consider this to be a low severity issue.