Description

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

PUBLISHED Reserved 2025-01-07 | Published 2025-01-09 | Updated 2025-11-06 | Assigner redhat




HIGH: 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

Covert Timing Channel

Product status

Default status
unaffected

Any version before *
affected

Default status
unaffected

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unknown

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unknown

Timeline

2025-01-07: Reported to Red Hat.
2024-06-24: Made public.

Credits

This issue was discovered by Alicja Kario (Red Hat).

References

security.netapp.com/advisory/ntap-20250221-0009/

access.redhat.com/security/cve/CVE-2025-0306 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2336100 (RHBZ#2336100) issue-tracking

cve.org (CVE-2025-0306)

nvd.nist.gov (CVE-2025-0306)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.