Updated: 2024-11-24 04:35:42.405688
Description:
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | gnutls | 3.7.6 | 7.5 | HIGH | Already Fixed | 2024-10-01 05:28:46 | ||
| CentOS 6 ELS | gnutls | 2.12.23 | 7.5 | HIGH | Not Vulnerable | 2024-02-05 13:09:36 | ||
| CentOS 7 ELS | gnutls | 3.3.29 | 7.5 | HIGH | Released | CLSA-2024:1710184399 | 2024-03-24 09:49:34 | |
| CentOS 8.4 ELS | gnutls | 3.6.14 | 7.5 | HIGH | Released | CLSA-2024:1708029216 | 2024-02-15 16:09:09 | |
| CentOS 8.5 ELS | gnutls | 3.6.16 | 7.5 | HIGH | Released | CLSA-2024:1708029490 | 2024-02-15 16:09:08 | |
| CentOS Stream 8 ELS | gnutls | 3.6.16 | 7.5 | HIGH | Already Fixed | 2024-05-21 10:11:59 | ||
| CloudLinux 6 ELS | gnutls | 2.12.23 | 7.5 | HIGH | Not Vulnerable | 2024-02-05 13:09:36 | ||
| CloudLinux 7 ELS | gnutls | 3.3.29 | 7.5 | HIGH | Released | CLSA-2024:1724705867 | 2024-09-09 12:19:15 | |
| Oracle Linux 6 ELS | gnutls | 2.12.23 | 7.5 | HIGH | Not Vulnerable | 2024-02-05 13:09:36 | ||
| Oracle Linux 7 ELS | gnutls | 3.3.29 | 7.5 | HIGH | Released | CLSA-2024:1734368297 | 2024-12-16 13:22:43 |