First published: Mon Jan 15 2024(Updated: )
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Gnu Gnutls | <3.8.3 | |
Fedoraproject Fedora | =39 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
ubuntu/gnutls28 | <3.6.13-2ubuntu1.10 | 3.6.13-2ubuntu1.10 |
ubuntu/gnutls28 | <3.7.3-4ubuntu1.4 | 3.7.3-4ubuntu1.4 |
ubuntu/gnutls28 | <3.7.8-5ubuntu1.2 | 3.7.8-5ubuntu1.2 |
ubuntu/gnutls28 | <3.8.1-4ubuntu1.2 | 3.8.1-4ubuntu1.2 |
ubuntu/gnutls28 | <3.8.3-1 | 3.8.3-1 |
redhat/gnutls | <3.8.3 | 3.8.3 |
debian/gnutls28 | <=3.6.7-4+deb10u8<=3.7.1-5+deb11u4<=3.7.1-5+deb11u3 | 3.6.7-4+deb10u12 3.7.9-2+deb12u2 3.8.5-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.