Vulnerability CVE-2024-0553: Information
Description
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as the result of an incomplete resolution of CVE-2023-5981.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
gnutls30 | sisyphus | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-1258-1 | 338392 | Fixed |
gnutls30 | sisyphus_e2k | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-1280-1 | - | Fixed |
gnutls30 | sisyphus_riscv64 | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-2878-1 | - | Fixed |
gnutls30 | sisyphus_loongarch64 | 3.8.3-alt1 | 3.8.4-alt1 | ALT-PU-2024-1444-1 | - | Fixed |
gnutls30 | p10 | 3.6.16-alt5 | 3.6.16-alt6 | ALT-PU-2024-4754-3 | 343952 | Fixed |
gnutls30 | p10_e2k | 3.6.16-alt5 | 3.6.16-alt6 | ALT-PU-2024-6414-1 | - | Fixed |
gnutls30 | p9 | 3.6.16-alt5 | 3.6.16-alt5 | ALT-PU-2024-4913-2 | 343958 | Fixed |
gnutls30 | c10f1 | 3.6.16-alt5 | 3.6.16-alt5 | ALT-PU-2024-6430-2 | 344988 | Fixed |
gnutls30 | c9f2 | 3.6.16-alt5 | 3.6.16-alt5 | ALT-PU-2024-4977-3 | 344277 | Fixed |