CVE-2025-0306 | THREATINT

Description

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

Reserved 2025-01-07 | Published 2025-01-09 | Updated 2025-01-09 | Assigner redhat

HIGH: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

Covert Timing Channel

Product status

Default status

unknown

Default status

unknown

Default status

unknown

Default status

unknown

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Timeline

2025-01-07:	Reported to Red Hat.
2024-06-24:	Made public.

Credits

This issue was discovered by Alicja Kario (Red Hat).

References

access.redhat.com/security/cve/CVE-2025-0306 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2336100 (RHBZ#2336100) issue-tracking

cve.org (CVE-2025-0306)

nvd.nist.gov (CVE-2025-0306)

Download JSON

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat

Subscribe to our newsletter to learn more about our work.