PT-2024-1281 · Gnutls+9

Hubert Kario · Published 2024-01-16 · Updated 2026-02-25 · CVE-2024-0553

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GnuTLS (affected versions not specified)

Description

The issue is related to a difference in response time when handling RSA ciphertext in ClientKeyExchange messages with correct and incorrect PKCS#1 padding. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALSA-2024:0533
ALSA-2024:0627
ALT-PU-2024-1258
ALT-PU-2024-4754
ALT-PU-2024-4913
ALT-PU-2024-4977
ALT-PU-2024-6430
AZL-33341
AZL-34739
BDU:2024-00707
CESA-2024_0627
CVE-2024-0553
DLA-3740-1
MGASA-2024-0031
OESA-2024-1090
OESA-2024-1091
OESA-2024-1092
OESA-2024-1093
OESA-2024-1094
OESA-2024-1095
OPENSUSE-SU-2024:13593-1
OPENSUSE-SU-2024_0638-1
RHSA-2024:0533
RHSA-2024:0627
RHSA-2024:0796
RHSA-2024:1082
RHSA-2024:1108
RHSA-2024_0533
RHSA-2024_0627
RLSA-2024:0627
ROSA-SA-2025-2607
SUSE-SU-2024:0638-1
SUSE-SU-2024:0638-2
SUSE-SU-2024:0860-1
SUSE-SU-2024:1179-1
SUSE-SU-2024_0638-1
SUSE-SU-2024_0638-2
USN-6593-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Gnutls
Linuxmint
Red Hat
Red Os
Suse
Ubuntu