CVE-2024-2236
Publication date 6 March 2024
Last updated 25 November 2024
Ubuntu priority
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Read the notes from the security team
Why is this CVE low priority?
libgcrypt developers consider this to be a low severity issue
Status
Package | Ubuntu Release | Status |
---|---|---|
libgcrypt11 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
14.04 LTS trusty | Ignored end of ESM support, was deferred | |
libgcrypt20 | 24.10 oracular |
Vulnerable, fix deferred
|
24.04 LTS noble |
Vulnerable, fix deferred
|
|
22.04 LTS jammy |
Vulnerable, fix deferred
|
|
20.04 LTS focal |
Vulnerable, fix deferred
|
|
18.04 LTS bionic |
Vulnerable, fix deferred
|
|
16.04 LTS xenial |
Vulnerable, fix deferred
|
Notes
mdeslaur
No upstream fix for this issue as of 2024-11-25 libgcrypt developers consider this to be a low severity issue
References
Other references
- https://access.redhat.com/security/cve/CVE-2024-2236
- https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
- https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt
- https://dev.gnupg.org/T7136
- https://www.cve.org/CVERecord?id=CVE-2024-2236
- https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17