CVE-2024-11862

MEDIUM

Dvls XTS.NET <2024.11.19 - Info Disclosure

Title source: llm

Description

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/Devolutions/XTS.NET/security/advisories/GHSA-j6vm-4r7g-x4gr

Scores

CVSS v4 5.1

EPSS 0.0004

EPSS Percentile 10.8%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-385

Status published

Products (2)

Devolutions/XTS.NET < 2024.11.26

nuget/Devolutions.XTS.NET 0 - 2024.11.26NuGet

Published Nov 27, 2024

Tracked Since Feb 18, 2026