CVE-2024-2236

Published: Mar 6, 2024Modified: Feb 25, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: secalert@redhat.com (Secondary)

Description

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Related CWEs

CWE-208

Observable Timing Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CWE-385

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

References (8)

https://access.redhat.com/errata/RHSA-2024:9404

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:3530

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:3534

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-2236

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2245218

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-2236

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=2245218

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=2268268

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.