PT-2018-10137 · Gnu+5 · Gnutls+5

Adi Shamir

Published

2018-08-22

Updated

2024-06-15

CVE-2018-10846

CVSS v3.1

5.6

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GnuTLS (affected versions not specified)

Description A cache-based side channel in the GnuTLS implementation allows for plain text recovery in a cross-VM attack setting. An attacker can use a combination of "Just in Time" Prime+probe attack and Lucky-13 attack with crafted packets to recover plain text.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327CWE-385

Related Identifiers

ALT-PU-2020-1134

ALT-PU-2020-1224

CESA-2018_3050

CVE-2018-10846

DLA-1560-1

MGASA-2018-0435

OPENSUSE-SU-2018_2854-1

OPENSUSE-SU-2018_2958-1

OPENSUSE-SU-2024:10801-1

RHSA-2018:3050

RHSA-2018_3050

SUSE-SU-2018:2825-1

SUSE-SU-2018:2825-2

SUSE-SU-2018:2842-1

SUSE-SU-2018:2930-1

SUSE-SU-2019:14058-1

SUSE-SU-2019_14058-1

USN-3999-1

Affected Products

Alt Linux

Centos

Gnutls

Red Hat

Suse

Ubuntu

PT-2018-10137 · Gnu+5 · Gnutls+5

CVE-2018-10846

Weakness Enumeration

Related Identifiers

Affected Products

References · 94