First published: Thu Sep 12 2024
CVE-2024-28834: A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

CVE-2024-28835: A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
Affected Software | Affected Version | How to fix |
---|---|---|
F5 Traffix Systems Signaling Delivery Controller | =5.2.0, =5.1.0 | |
The severity of F5-K000141041 is classified as high due to the potential for side-channel leaks.
To fix F5-K000141041, update your GnuTLS implementation to the latest version that addresses the Minerva attack.
F5-K000141041 affects F5 Traffix Systems Signaling Delivery Controller versions 5.1.0 and 5.2.0.
F5-K000141041 is a cryptographic vulnerability that exploits deterministic behavior in GnuTLS to leak sensitive information.
Currently, the only effective workaround for F5-K000141041 is to completely avoid using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag.