Lucene search
K

93 matches found

osv
osv
added 2024/03/21 2:15 p.m.2 views

DEBIAN-CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS5.7AI score0.00718EPSS
Exploits0References1
osv
osv
added 2024/03/21 2:15 p.m.29 views

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS6.9AI score0.00718EPSS
Exploits0References14
osv
osv
added 2024/03/21 2:15 p.m.4 views

UBUNTU-CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS6.6AI score0.00718EPSS
Exploits0References8
cvelist
cvelist
added 2024/03/21 1:29 p.m.20 views

CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS5.7AI score0.00718EPSS
Exploits0References10
vulnrichment
vulnrichment
added 2024/03/21 1:29 p.m.24 views

CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS6.7AI score0.00718EPSS
Exploits0References10
cve
cve
added 2024/03/21 1:29 p.m.272 views

CVE-2024-28834

CVE-2024-28834 describes a Minerva timing side-channel in GnuTLS where deterministic nonce behavior (notably with GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) can leak private-key-related information. In affected contexts, this may allow an attacker to recover or infer sensitive data over observed signature...

5.3CVSS6.5AI score0.00718EPSS
Exploits0References15
debiancve
debiancve
added 2024/03/21 1:29 p.m.29 views

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS6.2AI score0.00718EPSS
Exploits0
redhatcve
redhatcve
added 2024/03/21 6:8 a.m.43 views

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS6.4AI score0.00718EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2024/03/21 12:0 a.m.38 views

CVE-2024-28834

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS6.7AI score0.00718EPSS
Exploits0References7
amazon
amazon
added 2024/02/19 12:0 a.m.4 views

Medium: nss

Issue Overview: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121. CVE-2023-6135 Affected Packages: nss Issue Correction: Run dnf update nss...

4.3CVSS6.3AI score0.00714EPSS
Exploits0
amazon
amazon
added 2024/02/19 12:0 a.m.35 views

Medium: nss-softokn

Issue Overview: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121. CVE-2023-6135 Affected Packages: nss-softokn Note: This advisory is applicable...

4.3CVSS5.7AI score0.00714EPSS
Exploits0
amazon
amazon
added 2024/02/19 12:0 a.m.3 views

Medium: nss-softokn

Issue Overview: Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121. CVE-2023-6135 Affected Packages: nss-softokn Note: This advisory is applicable...

4.3CVSS8.8AI score0.00714EPSS
Exploits0
redhatcve
redhatcve
added 2024/01/24 9:49 a.m.195 views

CVE-2024-23342

A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior may be...

7.4CVSS6.8AI score0.00977EPSS
Exploits1References7
veracode
veracode
added 2024/01/24 5:56 a.m.36 views

Minerva Attack

ecdsa is vulnerable to Minerva Attack. The vulnerability is due to timing discrepancies within the ecdsa.SigningKey.signdigest function, which allows attackers to deduce the private key by analyzing the time taken to generate ECDSA signatures with varying nonce sizes. The maintainers will not...

7.4CVSS7AI score0.00977EPSS
Exploits1References4Affected Software1
susecve
susecve
added 2024/01/24 2:50 a.m.5 views

SUSE CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS6.9AI score0.00977EPSS
Exploits1References3
osv
osv
added 2024/01/23 12:15 a.m.1 views

DEBIAN-CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS7.3AI score0.00977EPSS
Exploits1References1
nvd
nvd
added 2024/01/23 12:15 a.m.76 views

CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS7.4AI score0.00977EPSS
Exploits1References4
prion
prion
added 2024/01/23 12:15 a.m.20 views

Code injection

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

4CVSS7AI score0.00977EPSS
Exploits1References4Affected Software1
osv
osv
added 2024/01/23 12:15 a.m.5 views

UBUNTU-CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS5.8AI score0.00977EPSS
Exploits1References6
ubuntucve
ubuntucve
added 2024/01/23 12:0 a.m.36 views

CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS7.1AI score0.00977EPSS
Exploits1References5
Rows per page
Query Builder