CVE-2024-26306

CVE-2024-26306

Name

CVE-2024-26306

Description

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc
cve@mitre.org	https://github.com/esnet/iperf/releases/tag/3.17
cve@mitre.org	https://www.insyde.com/security-pledge/SA-2024005
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250228-0007/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html

Type

URI

cve@mitre.org

https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc

cve@mitre.org

https://github.com/esnet/iperf/releases/tag/3.17

cve@mitre.org

https://www.insyde.com/security-pledge/SA-2024005

af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20250228-0007/

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html