Severity: 5.9 MEDIUM
EPSS: 0.3% (top 51.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 9; latest update Jun 11

Description

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the
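As an added illustration that is not part of the cvebase.io record and not the PHP project's own code, the script below puts the default padding mode the description refers to (OPENSSL_PKCS1_PADDING) beside an RSA-OAEP decrypt, and checks PHP's built-in OPENSSL_VERSION_NUMBER against OpenSSL 3.2, the first upstream release the description names as carrying implicit rejection. The assumptions are mine: switching to OAEP is a general hardening step for PKCS#1 v1.5 decryption oracles rather than the fix the advisory describes, and a distribution backport of the upstream change cannot be recognised from the version number, so anything below 3.2 is reported as "unknown", not as safe.

```php
<?php
// Added example for CVE-2024-2408 (not from the cvebase.io page or PHP itself).
// Contrasts PKCS#1 v1.5 decryption (the default, affected unless OpenSSL has
// implicit rejection) with RSA-OAEP, and reports the linked OpenSSL version.

// OPENSSL_VERSION_NUMBER is PHP's built-in constant; 0x30200000 encodes 3.2.0.
// Assumption: distro backports of the fix are invisible here, hence "unknown".
function implicitRejectionStatus(): string
{
    if (OPENSSL_VERSION_NUMBER >= 0x30200000) {
        return 'upstream OpenSSL >= 3.2: implicit rejection present';
    }
    return 'OpenSSL < 3.2 (' . OPENSSL_VERSION_TEXT . '): backport status unknown, verify with your distribution';
}

function makeKeyPair(): array
{
    $priv = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($priv === false) {
        throw new RuntimeException(openssl_error_string() ?: 'RSA key generation failed');
    }
    $pub = openssl_pkey_get_details($priv)['key']; // public key as PEM
    return [$priv, $pub];
}

// Weak form: the padding argument is the default, so omitting it gives the
// same behaviour. Returns null on any decrypt/padding failure.
function decryptPkcs1(string $ciphertext, $priv): ?string
{
    return openssl_private_decrypt($ciphertext, $plain, $priv, OPENSSL_PKCS1_PADDING) ? $plain : null;
}

// Hardened form: RSA-OAEP padding, selected explicitly on every call.
function decryptOaep(string $ciphertext, $priv): ?string
{
    return openssl_private_decrypt($ciphertext, $plain, $priv, OPENSSL_PKCS1_OAEP_PADDING) ? $plain : null;
}

echo implicitRejectionStatus(), PHP_EOL;

[$priv, $pub] = makeKeyPair();
$msg = 'constructed sample: 32-byte session key goes here';

// Sender side: the padding mode must match on both ends, so a migration to
// OAEP has to cover encryptors as well as the decrypt call.
openssl_public_encrypt($msg, $ctOaep, $pub, OPENSSL_PKCS1_OAEP_PADDING);
openssl_public_encrypt($msg, $ctPkcs1, $pub, OPENSSL_PKCS1_PADDING);

printf("OAEP ciphertext via OAEP decrypt:  %s\n", decryptOaep($ctOaep, $priv) === $msg ? 'ok' : 'mismatch');
printf("PKCS1 ciphertext via PKCS1 decrypt: %s\n", decryptPkcs1($ctPkcs1, $priv) === $msg ? 'ok' : 'mismatch');
// Mixed modes fail cleanly; this is the case to expect while migrating.
printf("PKCS1 ciphertext via OAEP decrypt:  %s\n", decryptOaep($ctPkcs1, $priv) === null ? 'rejected' : 'unexpected');
```

Run it with `php` on the CLI; the first line tells you which OpenSSL the extension is linked against, and the last line shows why both encrypting and decrypting code paths have to move to OAEP together.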

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (3 packages)

Source | Package | Affected | Fixed
NVD | php/php | 8.1.0 | 8.1.29 (+2 more)
CVEListV5 | php_group/php | 8.1.* | 8.1.29 (+2 more)
Debian | php8.2 | < 8.2.18-1 | 8.2.18-1

Also affects: Fedora 40

Vulnerability Details (2)

OSV: CVE-2024-2408: The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attac... (2024-06-09)
CVEList: PHP is vulnerable to the Marvin Attack (2024-06-09)

Vendor Advisories (3)

Microsoft: PHP is vulnerable to the Marvin Attack (2024-06-11)
Red Hat: php: potential exposure to Marvin attack via unsafe implementation of RSA decryption API (2024-06-07)
Debian: CVE-2024-2408: php7.4 - The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_P... (2024)
CVE-2024-2408 (MEDIUM CVSS 5.9) | The openssl_private_decrypt functio | cvebase.io