Medium severity5.9NVD Advisory· Published Apr 25, 2024· Updated Apr 15, 2026
CVE-2024-2467
CVE-2024-2467
Description
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7(expand)+ 1 more
- (no CPE)
- (no CPE)
- osv-coords5 versionspkg:rpm/opensuse/perl-Crypt-OpenSSL-RSA&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/perl-Crypt-OpenSSL-RSA&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl-Crypt-OpenSSL-RSA&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/perl-Crypt-OpenSSL-RSA&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/perl-Crypt-OpenSSL-RSA&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 0.28-150600.19.3.1+ 4 more
- (no CPE)range: < 0.28-150600.19.3.1
- (no CPE)range: < 0.350.0-1.1
- (no CPE)range: < 0.28-150600.19.3.1
- (no CPE)range: < 0.28-150600.19.3.1
- (no CPE)range: < 0.28-10.3.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.