102 matches found

AlpineLinux
added 2024/01/16 11:40 a.m. | 55 views

CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

CVSS 7.5 | AI score 6.1 | EPSS 0.01028
Exploits: 1

OpenVAS
added 2024/01/15 12:0 a.m. | 17 views

Mageia: Security Advisory (MGASA-2024-0008)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.9 | AI score 7.3 | EPSS 0.00844
Exploits: 0 | References: 5

OSV
added 2024/01/14 10:23 p.m. | 6 views

MGASA-2024-0008 Updated gnutls packages fix a security vulnerability

The updated packages fix a security vulnerability: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. CVE-2023-5981...

CVSS 5.9 | AI score 5.9 | EPSS 0.00844
Exploits: 0 | References: 4

Tenable Nessus
added 2024/01/12 12:0 a.m. | 32 views

AlmaLinux 8 : gnutls (ALSA-2024:0155)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0155 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...

CVSS 5.9 | AI score 6.6 | EPSS 0.00844
Exploits: 0 | References: 2

Tenable Nessus
added 2024/01/12 12:0 a.m. | 25 views

Oracle Linux 8 : gnutls (ELSA-2024-0155)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0155 advisory. 3.6.16-8 - timing side-channel in the RSA-PSK authentication CVE-2023-5981 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 5.9 | AI score 6.7 | EPSS 0.00844
Exploits: 0 | References: 2

Tenable Nessus
added 2024/01/10 12:0 a.m. | 34 views

RHEL 8 : gnutls (RHSA-2024:0155)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0155 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS...

CVSS 5.9 | AI score 6.8 | EPSS 0.00844
Exploits: 0 | References: 5

Tenable Nessus
added 2024/01/10 12:0 a.m. | 18 views

CentOS 8 : gnutls (CESA-2024:0155)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0155 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...

CVSS 5.9 | AI score 6.6 | EPSS 0.00844
Exploits: 0 | References: 2

Tenable Nessus
added 2024/01/08 12:0 a.m. | 28 views

Ubuntu 18.04 ESM : GnuTLS vulnerability (USN-6499-2)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6499-2 advisory. USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the preceding description...

CVSS 5.9 | AI score 6.7 | EPSS 0.00844
Exploits: 0 | References: 2

Tenable Nessus
added 2024/01/08 12:0 a.m. | 25 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-463)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-463 advisory. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext...

CVSS 5.9 | AI score 6.5 | EPSS 0.00844
Exploits: 0 | References: 4

Tenable Nessus
added 2023/12/29 12:0 a.m. | 31 views

SUSE SLES15 Security Update : gnutls (SUSE-SU-2023:4986-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4986-1 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of...

CVSS 5.9 | AI score 6.6 | EPSS 0.00844
Exploits: 0 | References: 4

Tenable Nessus
added 2023/12/22 12:0 a.m. | 12 views

SUSE SLES15 Security Update : gnutls (SUSE-SU-2023:4952-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4952-1 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...

CVSS 7.4 | AI score 6.7 | EPSS 0.03615
Exploits: 1 | References: 7

NVD
added 2023/11/28 12:15 p.m. | 15 views

CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVSS 5.9 | EPSS 0.00844
Exploits: 0 | References: 14

Prion
added 2023/11/28 12:15 p.m. | 22 views

Design/Logic Flaw

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVSS 2.6 | AI score 6.7 | EPSS 0.00844
Exploits: 0 | References: 11 | Affected Software: 3

CVE
added 2023/11/28 11:49 a.m. | 243 views

CVE-2023-5981

CVE-2023-5981 affects GnuTLS via timing side-channel in RSA-PSK ClientKeyExchange, potentially leaking data. Connected docs show affected gnutls versions before 3.7.11-1 (CBLMARINER: CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1) and note CVE-2024-0553 as an incomplete re...

CVSS 5.9 | AI score 6.9 | EPSS 0.00844
Exploits: 0 | References: 14 | Affected Software: 1

CNNVD
added 2023/11/23 12:0 a.m. | 0 views

GnuTLS Security Vulnerabilities

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.7-4+deb10u11, which stems from a security flaw in the RSA-PSK ClientKeyExchange, where the response time to a misformatted ciphertext differs from the...

CVSS 5.9 | AI score 6.8 | EPSS 0.00844
Exploits: 0 | References: 12

Debian
added 2023/11/22 7:12 p.m. | 34 views

[SECURITY] [DLA 3660-1] gnutls28 security update

Debian LTS Advisory DLA-3660-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 22, 2023 https://wiki.debian.org/LTS Package : gnutls28 Version : 3.6.7-4+deb10u11 CVE ID : CVE-2023-5981 Debian Bug : 1056188 A vulnerability was found in GnuTLS, a secure...

CVSS 5.9 | AI score 6.6 | EPSS 0.00844
Exploits: 0

UbuntuCve
added 2023/11/17 12:0 a.m. | 39 views

CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVSS 5.9 | AI score 6.8 | EPSS 0.00844
Exploits: 0 | References: 5

OSV
added 2023/11/17 12:0 a.m. | 0 views

UBUNTU-CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVSS 5.9 | AI score 6.7 | EPSS 0.00844
Exploits: 0 | References: 6

OpenVAS
added 2023/07/31 12:0 a.m. | 13 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2023-2451)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.4 | AI score 8 | EPSS 0.03615
Exploits: 1 | References: 2

Tenable Nessus
added 2023/07/28 12:0 a.m. | 15 views

EulerOS Virtualization 2.10.0 : gnutls (EulerOS-SA-2023-2476)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...

CVSS 7.4 | AI score 7 | EPSS 0.03615
Exploits: 1 | References: 2