CVE-2024-28834

Updated: 2024-11-30 02:55:00.183851

Description:

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU gnutls 3.7.6 5.3 MEDIUM Released CLSA-2024:1726769216 2024-09-19 14:25:54
CentOS 6 ELS gnutls 2.12.23 5.3 MEDIUM Ignored 2024-09-03 14:21:35
CentOS 7 ELS gnutls 3.3.29 5.3 MEDIUM Ignored 2024-09-03 14:21:35
CentOS 8.4 ELS gnutls 3.6.14 5.3 MEDIUM Released CLSA-2024:1728056228 2024-10-04 14:31:24
CentOS 8.5 ELS gnutls 3.6.16 5.3 MEDIUM Released CLSA-2024:1728056381 2024-10-04 14:31:22
CentOS Stream 8 ELS gnutls 3.6.16 5.3 MEDIUM Ignored 2024-09-03 12:08:53
CloudLinux 6 ELS gnutls 2.12.23 5.3 MEDIUM Ignored 2024-09-03 14:21:35
CloudLinux 7 ELS gnutls 3.3.29 5.3 MEDIUM Ignored 2024-09-03 12:08:53
Oracle Linux 6 ELS gnutls 2.12.23 5.3 MEDIUM Ignored 2024-09-03 14:21:35