CVE-2024-26306

EPSS 0.63%
Veröffentlicht 14.05.2024 15:08:51
Zuletzt bearbeitet 26.09.2025 19:19:49
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Es ≫ Iperf3 Version < 3.17

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.695

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc

Third Party Advisory

https://github.com/esnet/iperf/releases/tag/3.17

Release Notes

https://www.insyde.com/security-pledge/SA-2024005

Third Party Advisory

https://security.netapp.com/advisory/ntap-20250228-0007/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-26306

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26306

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26306

EUVD