Bugzilla – Bug 1221107
VUL-0: CVE-2024-2236: libgcrypt: timing based side-channel in RSA implementation
Last modified: 2024-07-10 09:46:00 UTC
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-2236
https://bugzilla.redhat.com/show_bug.cgi?id=2268268
https://www.cve.org/CVERecord?id=CVE-2024-2236
https://access.redhat.com/security/cve/CVE-2024-2236
More info in the devel mailing list [0] and marvin-toolkit [1] for libgcrypt. See also the compilation of packages affected by the Marvin attack in [2].

[0] https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
[1] https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt
[2] https://people.redhat.com/~hkario/marvin/
Going through the vulnerability thread in the devel mailing list [0] and through the upstream git project [1], it seems like the issue is still being discussed and, therefore, there have been no commits made by upstream to address it (as of 2024-04-04). A documentation change has been suggested.

[0] https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=summary
Right, there is no fix yet available from upstream. A fix for PKCS#1 v1.5 would require a completely new API or an implementation of implicit rejection. We'll have to wait for upstream to have a proper fix for this.
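The comment above mentions "implicit rejection" as the way to close a Bleichenbacher/Marvin-style oracle in PKCS#1 v1.5 decryption. The following is an added illustration of that idea and is not code from libgcrypt or from this bug; it uses a constructed toy RSA key (two Mersenne primes, far too small for real use) and a simplified synthetic-message construction. It contrasts a "strict" decrypt that raises on bad padding (the behaviour that gives an attacker a distinguishable error) with one that, on any padding failure, returns a deterministic pseudo-random message derived from the private key and the ciphertext, so repeated queries with the same ciphertext see no error and no varying output. Python cannot guarantee constant time; the point shown is the output behaviour, and a real implementation (in C) must additionally avoid secret-dependent branches and timing.

```python
"""Toy PKCS#1 v1.5 decryption with and without implicit rejection (added example)."""
import hashlib
import hmac
import secrets

# Constructed toy key: Mersenne primes M89 and M107. Never use keys this small.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (25 here)
MAX_MSG = K - 11                       # PKCS#1 v1.5: 3 framing bytes + >= 8 padding bytes


def i2osp(x: int, length: int) -> bytes:
    return x.to_bytes(length, "big")


def os2ip(b: bytes) -> int:
    return int.from_bytes(b, "big")


def rsa_public_raw(em: bytes) -> bytes:
    """Textbook RSA on an already-encoded block (used to build test ciphertexts)."""
    return i2osp(pow(os2ip(em), E, N), K)


def pkcs1_v15_encrypt(msg: bytes) -> bytes:
    """EM = 00 || 02 || PS (nonzero random bytes) || 00 || M, then RSA-encrypt."""
    if len(msg) > MAX_MSG:
        raise ValueError("message too long")
    ps = bytearray()
    while len(ps) < K - len(msg) - 3:
        b = secrets.randbits(8)
        if b:                      # padding string must not contain zero bytes
            ps.append(b)
    return rsa_public_raw(b"\x00\x02" + bytes(ps) + b"\x00" + msg)


def _unpad(em: bytes):
    """Return (ok, message). Checks block type 02 and at least 8 padding bytes."""
    ok = (em[0] == 0) & (em[1] == 2)
    sep = None
    for i in range(2, len(em)):   # a C implementation must do this without early exits
        if em[i] == 0:
            sep = i
            break
    ok &= sep is not None and sep >= 10
    return ok, (em[sep + 1:] if sep is not None else b"")


def decrypt_strict(ct: bytes) -> bytes:
    """Oracle-prone form: a padding failure is reported as an error."""
    em = i2osp(pow(os2ip(ct), D, N), K)
    ok, msg = _unpad(em)
    if not ok:
        raise ValueError("bad PKCS#1 v1.5 padding")   # observable by the caller/attacker
    return msg


def _synthetic_message(ct: bytes) -> bytes:
    """Deterministic fake plaintext for a rejected ciphertext (simplified construction).

    Keyed by a secret derived from the private exponent and bound to the ciphertext,
    so the same bad ciphertext always yields the same fake message, while the
    attacker cannot predict or recognise it.
    """
    prf_key = hashlib.sha256(b"implicit-rejection" + i2osp(D, K)).digest()
    stream = b"".join(
        hmac.new(prf_key, ct + bytes([i]), hashlib.sha256).digest() for i in range(2)
    )
    length = int.from_bytes(stream[:2], "big") % (MAX_MSG + 1)
    return stream[2:2 + length]


def decrypt_with_implicit_rejection(ct: bytes) -> bytes:
    """Hardened form: never signals a padding failure; returns a fake message instead."""
    if len(ct) != K or os2ip(ct) >= N:
        raise ValueError("ciphertext out of range")  # public-length check, not secret-dependent
    em = i2osp(pow(os2ip(ct), D, N), K)
    ok, msg = _unpad(em)
    fake = _synthetic_message(ct)   # always computed, regardless of ok
    # In C this selection must be a constant-time select, not a branch.
    return msg if ok else fake


if __name__ == "__main__":
    ct = pkcs1_v15_encrypt(b"hello marvin")
    print(decrypt_with_implicit_rejection(ct))
    bad = rsa_public_raw(b"\x00\x01" + b"\xff" * 8 + b"\x00" + b"x" * MAX_MSG)  # block type 01
    print(decrypt_with_implicit_rejection(bad).hex())
```

A caller of the hardened form cannot tell a rejected ciphertext from an accepted one by the error path; with a TLS-style protocol the fake message simply fails the later MAC/Finished check, which is the outcome implicit rejection is designed to produce.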
Upstream task:
* https://dev.gnupg.org/T7136

RH gitlab MR:
* https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17

Still in the works.