A vulnerability was found in GnuTLS. The response times to malformed
ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of
ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote
attacker to perform a timing side-channel attack in the RSA-PSK key
exchange, potentially leading to the leakage of sensitive data.
CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
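The general countermeasure for this class of timing leak (RFC 5246, section 7.4.7.1) is to treat a badly padded block exactly like a good one and continue the handshake with a random premaster secret. The sketch below is an added example, not GnuTLS code or its patch; `pms_select`, `ct_is_zero`, `sample_block` and the constructed 256-byte block are hypothetical names and data used for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48 /* TLS premaster secret carried in the RSA block */
/* 0xFFFFFFFF if x == 0, else 0, computed without a data-dependent branch. */
static uint32_t ct_is_zero(uint32_t x)
{
    return 0u - (((x | (0u - x)) >> 31) ^ 1u);
}

/*
 * em/em_len: RSA-decrypted block; em_len is the modulus size (public).
 * fallback: PMS_LEN random bytes the caller generated before decryption.
 * out gets the real secret if the padding is well formed, else fallback. No
 * validity flag is returned; a bad ciphertext only fails later, at Finished.
 */
void pms_select(const uint8_t *em, size_t em_len,
                const uint8_t fallback[PMS_LEN], uint8_t out[PMS_LEN])
{
    if (em_len < PMS_LEN + 11) {          /* public length: branching is fine */
        memcpy(out, fallback, PMS_LEN);
        return;
    }
    size_t sep = em_len - PMS_LEN - 1;    /* where the 0x00 separator must sit */
    uint32_t bad = em[0] | (uint32_t)(em[1] ^ 0x02) | em[sep];
    for (size_t i = 2; i < sep; i++)      /* padding bytes must all be nonzero */
        bad |= ct_is_zero(em[i]) & 1u;
    uint8_t keep = (uint8_t)ct_is_zero(bad);   /* 0xFF if valid, 0x00 if not */
    for (size_t i = 0; i < PMS_LEN; i++)
        out[i] = (uint8_t)((em[sep + 1 + i] & keep) | (fallback[i] & (uint8_t)~keep));
}

/* Constructed 256-byte block: 00 02 | 205 x 0xAA | 00 | 48 x 0x11 */
void sample_block(uint8_t em[256])
{
    memset(em, 0xAA, 256);
    em[0] = 0x00; em[1] = 0x02; em[207] = 0x00;
    memset(em + 208, 0x11, PMS_LEN);
}

int main(void)
{
    uint8_t em[256], fb[PMS_LEN], out[PMS_LEN];
    memset(fb, 0x5C, PMS_LEN);            /* stands in for fresh random bytes */
    sample_block(em);
    pms_select(em, sizeof em, fb, out);
    return out[0] == 0x11 ? 0 : 1;        /* valid padding keeps the real secret */
}
```

Selecting the fallback in constant time only helps if the RSA decryption that produces the block is itself free of input-dependent timing.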
Author | Note |
---|---|
iconstantin | CVE-2023-5981 ignored/fix not applied in xenial. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gnutls28 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | gnutls28 | < 3.6.13-2ubuntu1.10 | UNKNOWN |
ubuntu | 22.04 | noarch | gnutls28 | < 3.7.3-4ubuntu1.4 | UNKNOWN |
ubuntu | 23.04 | noarch | gnutls28 | < 3.7.8-5ubuntu1.2 | UNKNOWN |
ubuntu | 23.10 | noarch | gnutls28 | < 3.8.1-4ubuntu1.2 | UNKNOWN |
ubuntu | 24.04 | noarch | gnutls28 | < 3.8.3-1ubuntu1 | UNKNOWN |
access.redhat.com/security/cve/CVE-2024-0553
gnutls.org/security-new.html#GNUTLS-SA-2024-01-14
launchpad.net/bugs/cve/CVE-2024-0553
lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
nvd.nist.gov/vuln/detail/CVE-2024-0553
security-tracker.debian.org/tracker/CVE-2024-0553
ubuntu.com/security/notices/USN-6593-1
www.cve.org/CVERecord?id=CVE-2024-0553