Products
iPerf3
- before 3.17
OpenSSL
- before 3.2.0
Source
cve@mitre.org
Tags
CVE-2024-26306 details
Published : May 14, 2024, 3:08 p.m.
Last Modified : May 14, 2024, 4:13 p.m.
Last Modified : May 14, 2024, 4:13 p.m.
Description
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc | cve@mitre.org |
https://github.com/esnet/iperf/releases/tag/3.17 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.