Lucene search

K

GoogleOSV:ALSA-2024:0155

HistoryJan 10, 2024 - 12:00 a.m.

Moderate: gnutls security update

2024-01-1000:00:00

Google

osv.dev

6

gnutls

security update

timing side-channel

rsa-psk

authentication

cve-2023-5981

cryptographic algorithms

ssl

tls

dtls

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.3%

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

access.redhat.com/errata/RHSA-2024:0155

access.redhat.com/security/cve/CVE-2023-5981

bugzilla.redhat.com/2248445

errata.almalinux.org/8/ALSA-2024-0155.html

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.3%

Related for OSV:ALSA-2024:0155

debiancve2 veracode1 nessus58 rocky2 oraclelinux3 alpinelinux2 cve2 almalinux3 osv9 prion2 openvas27 cvelist2 ubuntu2 mageia2 redhat33 cloudfoundry1 redhatcve2 debian2 redos1 nvd2 ubuntucve2 photon3 f51 fedora2 ibm5 hp2 ics1