CVE-2024-28834
GnuTLS: vulnerable to Minerva side-channel information leak
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2024-03-11 CVE Reserved
- 2024-03-21 CVE Published
- 2024-09-12 CVE Updated
- 2024-09-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (14)
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:1784 | 2024-06-10 | |
https://access.redhat.com/errata/RHSA-2024:1879 | 2024-06-10 | |
https://access.redhat.com/errata/RHSA-2024:1997 | 2024-06-10 | |
https://access.redhat.com/errata/RHSA-2024:2044 | 2024-06-10 | |
https://access.redhat.com/errata/RHSA-2024:2570 | 2024-06-10 | |
https://access.redhat.com/errata/RHSA-2024:2889 | 2024-06-10 | |
https://access.redhat.com/security/cve/CVE-2024-28834 | 2024-05-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2269228 | 2024-05-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
- | - | - | - | - |