Lucene search

K
ubuntuUbuntuUSN-6499-1
HistoryNov 21, 2023 - 12:00 a.m.

GnuTLS vulnerability

2023-11-2100:00:00
ubuntu.com
22
gnutls
timing side-channel
vulnerability
ubuntu
rsa-psk
key exchanges
sensitive information
library
packages

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.9%

Releases

  • Ubuntu 23.10
  • Ubuntu 23.04
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • gnutls28 - GNU TLS library

Details

It was discovered that GnuTLS had a timing side-channel when handling
certain RSA-PSK key exchanges. A remote attacker could possibly use this
issue to recover sensitive information.

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

47.9%