Unrated severity · OSV Advisory · Published Jan 31, 2024 · Updated Mar 24, 2026
openCryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
CVE-2024-0914
Description
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Affected products (18)
v2.3.2, v2.3.3, v2.4.3, … + 1 more
- (no CPE) range: v2.3.2, v2.3.3, v2.4.3, …
- (no CPE)
- osv-coords, 16 versions:
  - pkg:rpm/almalinux/opencryptoki
  - pkg:rpm/almalinux/opencryptoki-ccatok
  - pkg:rpm/almalinux/opencryptoki-devel
  - pkg:rpm/almalinux/opencryptoki-ep11tok
  - pkg:rpm/almalinux/opencryptoki-icatok
  - pkg:rpm/almalinux/opencryptoki-icsftok
  - pkg:rpm/almalinux/opencryptoki-libs
  - pkg:rpm/almalinux/opencryptoki-swtok
  - pkg:rpm/almalinux/opencryptoki-tpmtok
  - pkg:rpm/opensuse/openCryptoki&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/openCryptoki&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
  - pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
  - pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 3.21.0-9.el9_3.alma.1 + 15 more
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-9.el9_3.alma.1
- (no CPE) range: < 3.21.0-10.el8_9.alma.1
- (no CPE) range: < 3.23.0-150500.3.3.13
- (no CPE) range: < 3.23.0-4.1
- (no CPE) range: < 3.23.0-150500.3.3.13
- (no CPE) range: < 3.23.0-150500.3.3.13
- (no CPE) range: < 3.17.0-5.9.2
- (no CPE) range: < 3.17.0-5.9.2
- (no CPE) range: < 3.17.0-5.9.2
References (8)
- access.redhat.com/errata/RHSA-2024:1239 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1411 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1608 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1856 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:1992 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-0914 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- people.redhat.com/~hkario/marvin/ (mitre)