We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Ok

THREATINT
PUBLISHED

CVE-2024-28834

Gnutls: vulnerable to minerva side-channel information leak

Reserved:2024-03-11
Published:2024-03-21
Updated:2024-05-16

Description

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.



MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
affected

0:3.6.16-8.el8_9.3 before *
unaffected

Default status
affected

0:3.6.16-8.el8_9.3 before *
unaffected

Default status
affected

0:3.6.16-5.el8_6.4 before *
unaffected

Default status
affected

0:3.6.16-7.el8_8.3 before *
unaffected

Default status
affected

0:3.7.6-23.el9_3.4 before *
unaffected

Default status
affected

0:3.8.3-4.el9_4 before *
unaffected

Default status
affected

0:3.7.6-23.el9_3.4 before *
unaffected

Default status
affected

0:3.8.3-4.el9_4 before *
unaffected

Default status
affected

0:3.7.6-21.el9_2.3 before *
unaffected

Default status
unknown

Default status
unknown

Timeline

2024-03-11:Reported to Red Hat.
2024-03-21:Made public.

References

http://www.openwall.com/lists/oss-security/2024/03/22/1

http://www.openwall.com/lists/oss-security/2024/03/22/2

https://access.redhat.com/errata/RHSA-2024:1784 (RHSA-2024:1784) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:1879 (RHSA-2024:1879) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:1997 (RHSA-2024:1997) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:2044 (RHSA-2024:2044) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:2570 (RHSA-2024:2570) vendor-advisory

https://access.redhat.com/errata/RHSA-2024:2889 (RHSA-2024:2889) vendor-advisory

https://access.redhat.com/security/cve/CVE-2024-28834 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2269228 (RHBZ#2269228) issue-tracking

https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html

https://minerva.crocs.fi.muni.cz/

https://people.redhat.com/~hkario/marvin/

cve.org CVE-2024-28834

nvd.nist.gov CVE-2024-28834

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-28834