Assigner | redhat |
Reserved | 2024-01-15 |
Published | 2024-01-16 |
Updated | 2024-09-16 |
Description
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Product status
Default status | Version range | Status |
unaffected | 3.8.0 before 3.8.3 | affected |
affected | 0:3.6.16-8.el8_9.1 before * | unaffected |
affected | 0:3.6.16-8.el8_9.1 before * | unaffected |
affected | 0:3.6.16-5.el8_6.3 before * | unaffected |
affected | 0:3.6.16-7.el8_8.2 before * | unaffected |
affected | 0:3.7.6-23.el9_3.3 before * | unaffected |
affected | 0:3.7.6-23.el9_3.3 before * | unaffected |
affected | 0:3.7.6-21.el9_2.2 before * | unaffected |
affected | v4.15.0-37 before * | unaffected |
affected | v4.15.0-68 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-39 before * | unaffected |
affected | v4.15.0-58 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-13 before * | unaffected |
affected | v4.15.0-81 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-79 before * | unaffected |
affected | v4.15.0-22 before * | unaffected |
affected | v4.15.0-57 before * | unaffected |
affected | v4.15.0-6 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-15 before * | unaffected |
affected | v4.15.0-15 before * | unaffected |
affected | v4.15.0-54 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-10 before * | unaffected |
affected | v4.15.0-26 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-19 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-158 before * | unaffected |
affected | v4.15.0-21 before * | unaffected |
affected | v4.15.0-103 before * | unaffected |
affected | v5.8.6-22 before * | unaffected |
affected | v5.8.6-11 before * | unaffected |
affected | v6.8.1-407 before * | unaffected |
affected | v5.8.6-19 before * | unaffected |
affected | v1.0.0-479 before * | unaffected |
affected | v5.8.6-7 before * | unaffected |
affected | v0.4.0-247 before * | unaffected |
affected | v5.8.6-5 before * | unaffected |
affected | v1.1.0-227 before * | unaffected |
affected | v5.8.1-470 before * | unaffected |
affected | v2.9.6-14 before * | unaffected |
affected | v5.8.6-2 before * | unaffected |
affected | v5.8.6-24 before * | unaffected |
affected | v5.8.6-10 before * | unaffected |
affected | v0.1.0-525 before * | unaffected |
affected | v0.1.0-224 before * | unaffected |
affected | v0.28.1-56 before * | unaffected |
unknown | - | - |
unknown | - | - |
Timeline
2024-01-15: | Reported to Red Hat. |
2024-01-16: | Made public. |
References
https://access.redhat.com/errata/RHSA-2024:0533 (RHSA-2024:0533) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:0627 (RHSA-2024:0627) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:0796 (RHSA-2024:0796) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:1082 (RHSA-2024:1082) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:1108 (RHSA-2024:1108) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:1383 (RHSA-2024:1383) vendor-advisory
https://access.redhat.com/errata/RHSA-2024:2094 (RHSA-2024:2094) vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-0553 vdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=2258412 (RHBZ#2258412) issue-tracking
https://gitlab.com/gnutls/gnutls/-/issues/1522
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
cve.org CVE-2024-0553
nvd.nist.gov CVE-2024-0553