Lucene search

Veracode Vulnerability DatabaseVERACODE:7349

HistoryAug 23, 2018 - 8:49 a.m.

Timing Attack

2018-08-2308:49:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

libgnutls.so is vulnerable to timing attacks. A malicious user could statistically analyze the timing data by sending packets to the application, conducting an attack similar to the “Lucky Thirteen” attack.

CPENameOperatorVersion
libgnutls.sole28.43.0
libgnutls.sole28.43.0

CPE	Name	Operator	Version
	libgnutls.so	le	28.43.0
	libgnutls.so	le	28.43.0

References

www.securityfocus.com/bid/105138

access.redhat.com/errata/RHSA-2018:3050

access.redhat.com/errata/RHSA-2018:3505

access.redhat.com/security/cve/CVE-2018-10844

bugzilla.redhat.com/show_bug.cgi?id=1582571

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844

eprint.iacr.org/2018/747

gitlab.com/gnutls/gnutls/issues/456

gitlab.com/gnutls/gnutls/merge_requests/657

lists.debian.org/debian-lts-announce/2018/10/msg00022.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/

lists.fedoraproject.org/archives/list/[email protected]/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/

lists.fedoraproject.org/archives/list/[email protected]/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/

usn.ubuntu.com/3999-1/

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:7349