CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

https://github.com/l3montree-dev/devguard-action/issues/151

Fixed

LOW (1.8)

System detected CVE-2024-2236 with a risk of 3.55
main
System created a ticket for CVE-2024-2236
main
Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/131
System detected CVE-2024-2236 on another ref: main
main
System created a ticket for CVE-2024-2236
main
Everything after this entry will be synced with the external system. The ticket can be found at undefined
System updated the risk assessment from 3.55 to 1.77
main
System recalculated raw risk assessment
System detected CVE-2024-2236 with scanner: container-scanning:test
main
S
Sebastian Kawelke updated the risk assessment from 1.77 to 0.95
main
Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 0.95 to 1.77
main
Confidentiality Requirement updated: low -> high
System removed scanner: container-scanning
main
System fixed CVE-2024-2236
main

Reopen this vulnerability

Comment will be synced with https://github.com/l3montree-dev/devguard-action/issues/151

Last calculated at:

Affected component

debian/libgcrypt20

Installed version:

1.10.1-3

Fixed in:

no patch available

Show in dependency graph

/🛡️ DevGuard
Group
/🧩 DevGuard Action
Repository

CVE-2024-2236

Reopen this vulnerability

Affected component

Management decisions across the organization