CVSS3: 5.3 Medium (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

AI Score: 5.1 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.1%)

A flaw was found in GnuTLS. The Minerva attack is a cryptographic
vulnerability that exploits deterministic behavior in systems like GnuTLS,
leading to side-channel leaks. In specific scenarios, such as when using
the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable
step in nonce size from 513 to 512 bits, exposing a potential timing
side-channel.
Author | Note |
---|---|
mdeslaur | per Debian, introduced in 3.6.10 |
access.redhat.com/security/cve/CVE-2024-28834
launchpad.net/bugs/cve/CVE-2024-28834
lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
nvd.nist.gov/vuln/detail/CVE-2024-28834
people.redhat.com/~hkario/marvin/
security-tracker.debian.org/tracker/CVE-2024-28834
ubuntu.com/security/notices/USN-6733-1
ubuntu.com/security/notices/USN-6733-2
www.cve.org/CVERecord?id=CVE-2024-28834
www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04