Today > 1 Critical | 2 High | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-11862

Nov. 27, 2024, 3:15 p.m.

Tags

security@devolutions.net
CWE-385
2024-11-27
CVE-2024-11862

Product(s) Impacted

Devolutions.XTS.NET

  • 2024.11.19 and earlier

Description

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks

Weaknesses

CWE-385
Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

CWE ID: 385

Date

Published: Nov. 27, 2024, 3:15 p.m.

Last Modified: Nov. 27, 2024, 3:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@devolutions.net

References

https://github.com/ security@devolutions.net