CVE-2024-26306

May 14, 2024, 4:13 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

iPerf3

  • before 3.17

OpenSSL

  • before 3.2.0

Source

cve@mitre.org

CVE-2024-26306 details

Published: May 14, 2024, 3:08 p.m.
Last Modified: May 14, 2024, 4:13 p.m.

Description

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

This website uses the NVD API, but is not approved or certified by it.