Lucene search

K

GoogleOSV:USN-6593-1

HistoryJan 22, 2024 - 1:16 p.m.

gnutls28 vulnerabilities

2024-01-2213:16:42

Google

osv.dev

5

gnutls

vulnerabilities

rsa-psk

certificate chain

cross-signing

denial of service

remote attacker

sensitive information

ubuntu 22.04 lts

ubuntu 23.04

ubuntu 23.10

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.0%

It was discovered that GnuTLS had a timing side-channel when processing
malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could
possibly use this issue to recover sensitive information. (CVE-2024-0553)

It was discovered that GnuTLS incorrectly handled certain certificate
chains with a cross-signing loop. A remote attacker could possibly use this
issue to cause GnuTLS to crash, resulting in a denial of service. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.
(CVE-2024-0567)

References

ubuntu.com/security/CVE-2024-0553

ubuntu.com/security/CVE-2024-0567

ubuntu.com/security/notices/USN-6593-1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.0%

Related for OSV:USN-6593-1