5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
17.1%
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | gnutls28 | <= 3.7.9-2+deb12u2 | gnutls28_3.7.9-2+deb12u2_all.deb |
Debian | 11 | all | gnutls28 | <= 3.7.1-5+deb11u4 | gnutls28_3.7.1-5+deb11u4_all.deb |
Debian | 10 | all | gnutls28 | < 3.6.7-4+deb10u8 | gnutls28_3.6.7-4+deb10u8_all.deb |
Debian | 999 | all | gnutls28 | < 3.8.4-2 | gnutls28_3.8.4-2_all.deb |
Debian | 13 | all | gnutls28 | < 3.8.4-2 | gnutls28_3.8.4-2_all.deb |