Lucene search
RedhatCVELIST:CVE-2024-28834HistoryMar 21, 2024 - 1:29 p.m.
CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak
2024-03-2113:29:11
CWE-200
redhat
www.cve.org
7
gnutls
minerva attack
cryptographic vulnerability
side-channel leaks
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.7
Confidence
High
EPSS
0
Percentile
13.8%
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.6.16-8.el8_9.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.6.16-8.el8_9.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.6.16-5.el8_6.4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream",
"cpe:/o:redhat:rhel_eus:8.6::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.6.16-7.el8_8.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.7.6-23.el9_3.4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.8.3-4.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.7.6-23.el9_3.4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.8.3-4.el9_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "affected",
"versions": [
{
"version": "0:3.7.6-21.el9_2.3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gnutls",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
}
]References
access.redhat.com/errata/RHSA-2024:1784
access.redhat.com/errata/RHSA-2024:1879
access.redhat.com/errata/RHSA-2024:1997
access.redhat.com/errata/RHSA-2024:2044
access.redhat.com/errata/RHSA-2024:2570
access.redhat.com/errata/RHSA-2024:2889
access.redhat.com/security/cve/CVE-2024-28834
bugzilla.redhat.com/show_bug.cgi?id=2269228
lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
minerva.crocs.fi.muni.cz/
Related
redos
redos
ROS-20240717-06
2024-07-17 00:00:00
osv
osv
Moderate: gnutls security update
2024-05-06 13:04:07
CVE-2024-28834
2024-03-21 14:15:07
Moderate: gnutls security update
2024-04-11 00:00:00
redhat
redhat
(RHSA-2024:1997) Moderate: gnutls security update
2024-04-23 13:53:29
(RHSA-2024:1784) Moderate: gnutls security update
2024-04-11 15:26:54
(RHSA-2024:2044) Moderate: gnutls security update
2024-04-25 00:56:15
nessus
nessus
RHEL 8 : gnutls (RHSA-2024:2044)
2024-04-25 00:00:00
EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2024-2138)
2024-08-19 00:00:00
Oracle Linux 8 : gnutls (ELSA-2024-1784)
2024-04-15 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1855)
2024-07-01 00:00:00
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-2138)
2024-08-20 00:00:00
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1884)
2024-07-16 00:00:00
vulnrichment
vulnrichment
CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak
2024-03-21 13:29:11
oraclelinux
oraclelinux
gnutls security update
2024-04-15 00:00:00
gnutls security update
2024-05-08 00:00:00
gnutls security update
2024-05-07 00:00:00
cve
cve
CVE-2024-28834
2024-03-21 14:15:07
ubuntucve
ubuntucve
CVE-2024-28834
2024-03-21 00:00:00
almalinux
almalinux
Moderate: gnutls security update
2024-04-11 00:00:00
Moderate: gnutls security update
2024-04-30 00:00:00
Moderate: gnutls security update
2024-04-18 00:00:00
debiancve
debiancve
CVE-2024-28834
2024-03-21 14:15:07
veracode
veracode
Sensitive Information Disclosure
2024-04-11 02:00:34
rocky
rocky
gnutls security update
2024-05-06 13:04:07
gnutls security update
2024-05-10 14:32:36
nvd
nvd
CVE-2024-28834
2024-03-21 14:15:07
redhatcve
redhatcve
CVE-2024-28834
2024-03-21 06:08:46
photon
photon
Moderate Photon OS Security Update - PHSA-2024-3.0-0755
2024-05-01 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0590
2024-04-04 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0240
2024-04-04 00:00:00
ubuntu
ubuntu
GnuTLS vulnerabilities
2024-04-15 00:00:00
GnuTLS vulnerabilities
2024-04-29 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: gnutls-3.8.4-1.fc39
2024-03-24 01:07:12
[SECURITY] Fedora 38 Update: gnutls-3.8.4-1.fc38
2024-03-31 01:54:40
[SECURITY] Fedora 40 Update: gnutls-3.8.5-1.fc40
2024-04-19 21:42:06
cloudfoundry
cloudfoundry
USN-6733-1: GnuTLS vulnerabilities | Cloud Foundry
2024-05-23 00:00:00
mageia
mageia
Updated gnutls packages fix security vulnerabilities
2024-03-26 11:00:24
f5
f5
K000141041: GnuTLS vulnerabilities CVE-2024-28834 and CVE-2024-28835
2024-09-12 00:00:00
slackware
slackware
[slackware-security] gnutls
2024-03-20 00:27:18
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.7
Confidence
High
EPSS
0
Percentile
13.8%
Related for CVELIST:CVE-2024-28834