CVE-2024-2467 in Crypt-OpenSSL-RSA (Marvin Attack)
Summary
by MITRE • 04/25/2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Analysis
by VulDB Data Team • 02/26/2026
CVE-2024-2467 is a critical timing-based side-channel weakness in the perl-Crypt-OpenSSL-RSA cryptographic library. The flaw affects the legacy PKCS#1v1.5 RSA encryption padding scheme, which has been widely deployed in cryptographic applications and network protocols. It stems from inconsistent timing during cryptographic operations: the time taken to process different padding structures varies predictably, and an attacker can measure and analyze those timing differences.
The technical nature of this vulnerability aligns with CWE-320, which addresses weaknesses in cryptographic implementations related to side-channel attacks, and more specifically with CWE-327, which deals with the use of insecure or weakened cryptographic algorithms. The flaw operates through a timing-based side-channel attack vector that enables adversaries to infer information about the encryption process by measuring the time differences in cryptographic operations. When combined with the Bleichenbacher-style attack methodology, this timing inconsistency can be leveraged to recover plaintext data transmitted over networks, particularly when the attacker has the capability to send numerous trial messages to the target system.
The operational impact is significant for systems that use the affected perl-Crypt-OpenSSL-RSA package, especially where legacy PKCS#1v1.5 padding is employed for RSA encryption. Network communications that rely on this implementation become susceptible to plaintext recovery, which can compromise the confidentiality of sensitive data. The attack requires an adversary to send a large number of trial messages, making it resource-intensive but feasible against systems that do not implement constant-time operations or other cryptographic countermeasures. The flaw undermines the confidentiality guarantee that RSA encryption is expected to provide when it is used in the vulnerable padding mode.
Mitigation for CVE-2024-2467 should prioritize the immediate replacement or upgrade of the affected perl-Crypt-OpenSSL-RSA package to a version that implements constant-time cryptographic operations. Organizations should transition away from the legacy PKCS#1v1.5 padding mode toward more secure alternatives such as PKCS#1v2.1 with OAEP padding, which is inherently resistant to timing-based side-channel attacks. Constant-time cryptographic algorithms and proper timing countermeasures should be enforced throughout the cryptographic stack to prevent similar vulnerabilities in other components. System administrators should also consider network-level monitoring to detect anomalous message patterns that might indicate attempted exploitation. Remediation should align with the industry best practices outlined in NIST SP 800-57 for cryptographic key management and with the MITRE ATT&CK framework's approach to cryptographic attacks, particularly the techniques related to side-channel and timing-based information disclosure.
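To support the transition away from PKCS#1v1.5 padding described above, the following added example (not code from the advisory or from the Crypt-OpenSSL-RSA project) audits Perl source text for calls that select legacy padding on a Crypt::OpenSSL::RSA object. It assumes the module's documented method names `use_pkcs1_padding`, `use_sslv23_padding` and `use_pkcs1_oaep_padding`; the function names, severity labels and sample snippets are constructed for illustration.

```python
import re

# Crypt::OpenSSL::RSA methods that select PKCS#1 v1.5-based padding.
# use_pkcs1_oaep_padding is deliberately not matched.
LEGACY_PADDING = re.compile(r"->\s*(use_pkcs1_padding|use_sslv23_padding)\b")
DECRYPT_CALL = re.compile(r"->\s*decrypt\s*\(")
MODULE_NAME = re.compile(r"\bCrypt::OpenSSL::RSA\b")


def strip_comment(line):
    """Drop a trailing Perl '#' comment (naive: a '#' inside a string also cuts)."""
    return line.split("#", 1)[0]


def audit_perl_source(text):
    """Return (line_number, method, severity) findings for one Perl source text.

    Severity is 'high' when the file also calls ->decrypt(...), since the
    timing oracle sits on the private-key decryption path; else 'review'.
    """
    lines = [strip_comment(line) for line in text.splitlines()]
    code = "\n".join(lines)
    if not MODULE_NAME.search(code):
        return []  # file does not reference the affected module
    severity = "high" if DECRYPT_CALL.search(code) else "review"
    return [
        (number, match.group(1), severity)
        for number, line in enumerate(lines, start=1)
        for match in LEGACY_PADDING.finditer(line)
    ]


# Constructed sample inputs (not taken from any real code base).
SAMPLE_LEGACY = "\n".join([
    "use Crypt::OpenSSL::RSA;",
    "my $rsa = Crypt::OpenSSL::RSA->new_private_key($pem);",
    "$rsa->use_pkcs1_padding();",
    "my $plain = $rsa->decrypt($ciphertext);",
])
SAMPLE_OAEP = SAMPLE_LEGACY.replace("use_pkcs1_padding", "use_pkcs1_oaep_padding")
SAMPLE_ENCRYPT_ONLY = "\n".join([
    "use Crypt::OpenSSL::RSA;",
    "my $pub = Crypt::OpenSSL::RSA->new_public_key($pem);",
    "# $pub->use_pkcs1_oaep_padding();",
    "$pub -> use_pkcs1_padding;",
    "my $ct = $pub->encrypt($secret);",
])

if __name__ == "__main__":
    for name in ("SAMPLE_LEGACY", "SAMPLE_OAEP", "SAMPLE_ENCRYPT_ONLY"):
        print(name, audit_perl_source(globals()[name]))
```

A 'review' finding on an encrypt-only file still matters, because it means the receiving side has to decrypt PKCS#1v1.5 ciphertexts.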