Vulnerability CVE-2024-28834: Information

Description

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-28834
Published: March 21, 2024
Modified: May 1, 2024
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
gnutls30sisyphus3.8.4-alt13.8.4-alt1ALT-PU-2024-4634-2343729Fixed
gnutls30sisyphus_e2k3.8.4-alt13.8.4-alt1ALT-PU-2024-4708-1-Fixed
gnutls30sisyphus_riscv643.8.4-alt13.8.4-alt1ALT-PU-2024-4796-1-Fixed
gnutls30sisyphus_loongarch643.8.4-alt13.8.4-alt1ALT-PU-2024-4720-1-Fixed
gnutls30p103.6.16-alt53.6.16-alt6ALT-PU-2024-4754-3343952Fixed
gnutls30p10_e2k3.6.16-alt53.6.16-alt6ALT-PU-2024-6414-1-Fixed
gnutls30p93.6.16-alt53.6.16-alt5ALT-PU-2024-4913-2343958Fixed
gnutls30c10f13.6.16-alt53.6.16-alt5ALT-PU-2024-6430-2344988Fixed
gnutls30c9f23.6.16-alt53.6.16-alt5ALT-PU-2024-4977-3344277Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2024-28834
    RHBZ#2269228
      https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
        https://people.redhat.com/~hkario/marvin/
          RHSA-2024:1784
            https://minerva.crocs.fi.muni.cz/
              RHSA-2024:1879
                RHSA-2024:1997
                  RHSA-2024:2044
                    RHSA-2024:2570
                      http://www.openwall.com/lists/oss-security/2024/03/22/1
                        http://www.openwall.com/lists/oss-security/2024/03/22/2
                          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                          Version: v24.5.0
                          Back to top