Updated: 2024-11-30 02:55:00.183851
Description:
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | MEDIUM | 5.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | gnutls | 3.7.6 | 5.3 | MEDIUM | Released | CLSA-2024:1726769216 | 2024-09-19 14:25:54 | |
CentOS 6 ELS | gnutls | 2.12.23 | 5.3 | MEDIUM | Ignored | 2024-09-03 14:21:35 | ||
CentOS 7 ELS | gnutls | 3.3.29 | 5.3 | MEDIUM | Ignored | 2024-09-03 14:21:35 | ||
CentOS 8.4 ELS | gnutls | 3.6.14 | 5.3 | MEDIUM | Released | CLSA-2024:1728056228 | 2024-10-04 14:31:24 | |
CentOS 8.5 ELS | gnutls | 3.6.16 | 5.3 | MEDIUM | Released | CLSA-2024:1728056381 | 2024-10-04 14:31:22 | |
CentOS Stream 8 ELS | gnutls | 3.6.16 | 5.3 | MEDIUM | Ignored | 2024-09-03 12:08:53 | ||
CloudLinux 6 ELS | gnutls | 2.12.23 | 5.3 | MEDIUM | Ignored | 2024-09-03 14:21:35 | ||
CloudLinux 7 ELS | gnutls | 3.3.29 | 5.3 | MEDIUM | Ignored | 2024-09-03 12:08:53 | ||
Oracle Linux 6 ELS | gnutls | 2.12.23 | 5.3 | MEDIUM | Ignored | 2024-09-03 14:21:35 |