DEBIAN-CVE-2024-2236

DEBIAN-CVE-2024-2236 PUBLISHED CVSS 5.900000095367432 MEDIUM

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Risk Scores

CVSS 3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	libgcrypt20	0, 1.12.2-1, 1.11.2-2
Debian:11	libgcrypt20	1.9.4-5, 1.10.3-1, 1.9.1-1
Debian:14	libgcrypt20	*, 1.11.0+git20250114-1, 1.11.0-7
Debian:12	libgcrypt20	1.12.1-1, *, 1.11.0-3

Exploit Intelligence

TestCommand.yaml (github-poc)
sec-build.yaml (github-poc)
sec-deb.yaml (github-poc)
trivy_test.go (github-poc)
JsonScanResultV1ToScanResultAdapter.test.ts (github-poc)

Timeline

Mar 6, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-2236 advisory

Open in Interactive Console →