Lucene search
Ubuntu.comUB:CVE-2024-0553HistoryJan 16, 2024 - 12:00 a.m.
CVE-2024-0553
2024-01-1600:00:00
ubuntu.com
ubuntu.com
17
gnutls
vulnerability
rsa-psk
data leakage
timing attack
A vulnerability was found in GnuTLS. The response times to malformed
ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of
ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote
attacker to perform a timing side-channel attack in the RSA-PSK key
exchange, potentially leading to the leakage of sensitive data.
CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061046>
- <https://gitlab.com/gnutls/gnutls/-/issues/1522>
- <https://bugzilla.redhat.com/show_bug.cgi?id=2258412>
Notes
| Author | Note |
|---|---|
| iconstantin | CVE-2023-5981 ignored/fix not applied in xenial. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | gnutls28 | <Â any | UNKNOWN |
| ubuntu | 20.04 | noarch | gnutls28 | <Â 3.6.13-2ubuntu1.10 | UNKNOWN |
| ubuntu | 22.04 | noarch | gnutls28 | <Â 3.7.3-4ubuntu1.4 | UNKNOWN |
| ubuntu | 23.04 | noarch | gnutls28 | <Â 3.7.8-5ubuntu1.2 | UNKNOWN |
| ubuntu | 23.10 | noarch | gnutls28 | <Â 3.8.1-4ubuntu1.2 | UNKNOWN |
| ubuntu | 24.04 | noarch | gnutls28 | <Â 3.8.3-1ubuntu1 | UNKNOWN |
References
access.redhat.com/security/cve/CVE-2024-0553
gnutls.org/security-new.html#GNUTLS-SA-2024-01-14
launchpad.net/bugs/cve/CVE-2024-0553
lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
nvd.nist.gov/vuln/detail/CVE-2024-0553
security-tracker.debian.org/tracker/CVE-2024-0553
ubuntu.com/security/notices/USN-6593-1
www.cve.org/CVERecord?id=CVE-2024-0553
Related
nessus
nessus
EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2024-1545)
2024-04-19 00:00:00
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-548)
2024-03-06 00:00:00
Debian dla-3740 : gnutls-bin - security update
2024-02-26 00:00:00
redhat
redhat
(RHSA-2024:0627) Moderate: gnutls security update
2024-01-31 08:17:03
(RHSA-2024:1108) Moderate: gnutls security update
2024-03-05 10:44:59
(RHSA-2024:0796) Moderate: gnutls security update
2024-02-13 07:59:43
osv
osv
Moderate: gnutls security update
2024-01-31 00:00:00
Moderate: gnutls security update
2024-02-12 20:17:16
CVE-2024-0553
2024-01-16 12:15:45
redhatcve
redhatcve
CVE-2024-0553
2024-01-16 11:57:31
CVE-2023-5981
2023-11-28 11:49:29
openvas
openvas
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1526)
2024-04-22 00:00:00
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1334)
2024-03-13 00:00:00
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1507)
2024-04-08 00:00:00
rocky
rocky
gnutls security update
2024-02-12 20:17:16
gnutls security update
2024-01-12 19:56:54
f5
f5
K000138649 : GnuTLS vulnerabilities CVE-2023-5981 and CVE-2024-0553
2024-02-21 00:00:00
almalinux
almalinux
Moderate: gnutls security update
2024-01-31 00:00:00
Moderate: gnutls security update
2024-01-29 00:00:00
Moderate: gnutls security update
2024-01-10 00:00:00
cve
cve
CVE-2024-0553
2024-01-16 12:15:45
CVE-2023-5981
2023-11-28 11:49:50
debiancve
debiancve
CVE-2024-0553
2024-01-16 12:15:45
CVE-2023-5981
2023-11-28 11:49:50
cvelist
cvelist
CVE-2024-0553 Gnutls: incomplete fix for cve-2023-5981
2024-01-16 11:40:50
CVE-2023-5981 Gnutls: timing side-channel in the rsa-psk authentication
2023-11-28 11:49:50
prion
prion
Design/Logic Flaw
2024-01-16 12:15:00
Design/Logic Flaw
2023-11-28 12:15:00
debian
debian
[SECURITY] [DLA 3740-1] gnutls28 security update
2024-02-26 09:39:15
[SECURITY] [DLA 3660-1] gnutls28 security update
2023-11-22 19:12:39
alpinelinux
alpinelinux
CVE-2024-0553
2024-01-16 12:15:45
CVE-2023-5981
2023-11-28 11:49:50
oraclelinux
oraclelinux
gnutls security update
2024-01-30 00:00:00
gnutls security update
2024-02-05 00:00:00
gnutls security update
2024-01-11 00:00:00
mageia
mageia
Updated gnutls packages fix security vulnerabilities
2024-02-09 04:34:03
Updated gnutls packages fix a security vulnerability
2024-01-15 01:23:43
redos
redos
ROS-20240405-06
2024-04-05 00:00:00
veracode
veracode
Side Channel Attack
2023-12-01 09:22:24
Information Exposure
2024-01-30 17:22:55
ubuntu
ubuntu
GnuTLS vulnerability
2023-11-21 00:00:00
GnuTLS vulnerability
2024-01-08 00:00:00
GnuTLS vulnerabilities
2024-01-22 00:00:00
cloudfoundry
cloudfoundry
USN-6499-1: GnuTLS vulnerability | Cloud Foundry
2024-03-18 00:00:00
USN-6593-1: GnuTLS vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
slackware
slackware
[slackware-security] gnutls
2024-01-16 20:56:31
fedora
fedora
[SECURITY] Fedora 38 Update: gnutls-3.8.3-1.fc38
2024-02-09 01:51:29
[SECURITY] Fedora 39 Update: gnutls-3.8.3-1.fc39
2024-01-29 06:26:19
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0537
2024-01-03 00:00:00
Moderate Photon OS Security Update - PHSA-2023-3.0-0705
2023-12-28 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0182
2024-01-02 00:00:00
ubuntucve
ubuntucve
CVE-2023-5981
2023-11-17 00:00:00
ibm
ibm