We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-28834

Gnutls: vulnerable to minerva side-channel information leak



Description

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Reserved 2024-03-11 | Published 2024-03-21 | Updated 2025-05-21 | Assigner redhat


MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Use of a Broken or Risky Cryptographic Algorithm

Product status

Default status
unaffected

3.7.6-23
affected

Default status
affected

0:3.6.16-8.el8_9.3 before *
unaffected

Default status
affected

0:3.6.16-8.el8_9.3 before *
unaffected

Default status
affected

0:3.6.16-5.el8_6.4 before *
unaffected

Default status
affected

0:3.6.16-7.el8_8.3 before *
unaffected

Default status
affected

0:3.7.6-23.el9_3.4 before *
unaffected

Default status
affected

0:3.8.3-4.el9_4 before *
unaffected

Default status
affected

0:3.7.6-23.el9_3.4 before *
unaffected

Default status
affected

0:3.8.3-4.el9_4 before *
unaffected

Default status
affected

0:3.7.6-21.el9_2.3 before *
unaffected

Default status
affected

Default status
unknown

Default status
unknown

Timeline

2024-03-11:Reported to Red Hat.
2024-03-21:Made public.

References

access.redhat.com/errata/RHSA-2024:1784 (RHSA-2024:1784) vendor-advisory

access.redhat.com/errata/RHSA-2024:1879 (RHSA-2024:1879) vendor-advisory

access.redhat.com/errata/RHSA-2024:1997 (RHSA-2024:1997) vendor-advisory

access.redhat.com/errata/RHSA-2024:2044 (RHSA-2024:2044) vendor-advisory

access.redhat.com/errata/RHSA-2024:2570 (RHSA-2024:2570) vendor-advisory

access.redhat.com/errata/RHSA-2024:2889 (RHSA-2024:2889) vendor-advisory

access.redhat.com/security/cve/CVE-2024-28834 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2269228 (RHBZ#2269228) issue-tracking

lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html

minerva.crocs.fi.muni.cz/

cve.org (CVE-2024-28834)

nvd.nist.gov (CVE-2024-28834)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-28834

Support options

Helpdesk Chat, Email, Knowledgebase