A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Redhat
  • Enterprise Linux
Gnu
  • Gnutls
Fedoraproject
  • Fedora

Configuration 1 [-]

cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
References
Link Resource
http://www.openwall.com/lists/oss-security/2024/01/19/3 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0533
https://access.redhat.com/errata/RHSA-2024:0627
https://access.redhat.com/errata/RHSA-2024:0796
https://access.redhat.com/errata/RHSA-2024:1082
https://access.redhat.com/errata/RHSA-2024:1108
https://access.redhat.com/errata/RHSA-2024:1383
https://access.redhat.com/security/cve/CVE-2024-0553 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2258412 Issue Tracking Third Party Advisory
https://gitlab.com/gnutls/gnutls/-/issues/1522 Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html Mailing List
https://security.netapp.com/advisory/ntap-20240202-0011/
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2024-01-16T11:40:50.677Z

Updated: 2024-07-08T17:28:56.249Z

Reserved: 2024-01-15T04:35:34.146Z

Link: CVE-2024-0553

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2024-01-16T12:15:45.557

Modified: 2024-06-27T12:15:17.037

Link: CVE-2024-0553

JSON object: View

cve-icon Redhat Information

No data.

CWE