CVE-2024-26306

EPSS 0.63%
Published 14.05.2024 15:08:51
Last modified 26.09.2025 19:19:49
Source cve@mitre.org
Teams watchlist Login
Open Login

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Es ≫ Iperf3 Version < 3.17

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.63%	0.695

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc

Third Party Advisory

https://github.com/esnet/iperf/releases/tag/3.17

Release Notes

https://www.insyde.com/security-pledge/SA-2024005

Third Party Advisory

https://security.netapp.com/advisory/ntap-20250228-0007/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-26306

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26306

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26306

EUVD