CVE-2024-0553

Updated: 2024-07-08 20:35:40.25814

Description:

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU gnutls 3.7.6 7.5 HIGH Released CLSA-2024:1708029809 2024-02-15 16:09:08
CentOS 6 ELS gnutls 2.12.23 7.5 HIGH Not Vulnerable 2024-02-05 13:09:36
CentOS 7 ELS gnutls 3.3.29 7.5 HIGH Released CLSA-2024:1710184399 2024-03-24 09:49:34
CentOS 8.4 ELS gnutls 3.6.14 7.5 HIGH Released CLSA-2024:1708029216 2024-02-15 16:09:09
CentOS 8.5 ELS gnutls 3.6.16 7.5 HIGH Released CLSA-2024:1708029490 2024-02-15 16:09:08
CentOS Stream 8 ELS gnutls 3.6.16 7.5 HIGH Already Fixed 2024-05-21 10:11:59
CloudLinux 6 ELS gnutls 2.12.23 7.5 HIGH Not Vulnerable 2024-02-05 13:09:36
Oracle Linux 6 ELS gnutls 2.12.23 7.5 HIGH Not Vulnerable 2024-02-05 13:09:36

Statement

Already fixed.