2336100 – (CVE-2025-0306) CVE-2025-0306 ruby: openssl: Ruby Marvin Attack

Bug 2336100 (CVE-2025-0306) - CVE-2025-0306 ruby: openssl: Ruby Marvin Attack

Summary: CVE-2025-0306 ruby: openssl: Ruby Marvin Attack

Keywords:
Status:	NEW
Alias:	CVE-2025-0306
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2336102 2336103 2336104
Blocks:
TreeView+	depends on / blocked

Reported:	2025-01-07 11:19 UTC by OSIDB Bzimport
Modified:	2025-01-08 14:14 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-01-07 11:19:32 UTC

Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging large number of messages with the vulnerable service.

The attacker needs to be able to directly or indirectly measure the time of calling to RSA::private_decrypt() or PKey::decrypt() and the error handling of those methods. Attacks over network are possible if network service can be made to perform calls to those functions with attacker controlled messages.

Comment 1 Alicja Kario 2025-01-07 12:13:29 UTC

The issue can be workarounded by using Ruby with OpenSSL that implements implicit rejection (http://github.com/openssl/openssl/pull/13817), first included upstream in the 3.2.0 release.

That feature has also been backported to:
 - RHEL-9.2.z: http://access.redhat.com/errata/RHSA-2024:0500
 - RHEL-8.9.z: http://access.redhat.com/errata/RHSA-2023:7877
 - RHEL-8.8 EUS: http://access.redhat.com/errata/RHSA-2024:0154
 - RHEL-8.6 EUS: http://access.redhat.com/errata/RHSA-2024:0208

Note You need to log in before you can comment on or make changes to this bug.