CVE-2024-0553
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-0553
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0553.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-0553
- Related
- Published
- 2024-01-16T12:15:45Z
- Modified
- 2024-09-03T04:38:11.475917Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
- References
-
- https://access.redhat.com/errata/RHSA-2024:0533
- https://access.redhat.com/errata/RHSA-2024:0627
- https://access.redhat.com/errata/RHSA-2024:0796
- https://access.redhat.com/errata/RHSA-2024:1082
- https://access.redhat.com/errata/RHSA-2024:1108
- https://access.redhat.com/errata/RHSA-2024:1383
- https://access.redhat.com/errata/RHSA-2024:2094
- https://gitlab.com/gnutls/gnutls/-/issues/1522
- https://security.netapp.com/advisory/ntap-20240202-0011/
- http://www.openwall.com/lists/oss-security/2024/01/19/3
- https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2258412
- https://access.redhat.com/security/cve/CVE-2024-0553
- https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
- https://security.alpinelinux.org/vuln/CVE-2024-0553
Affected packages
Alpine:v3.18 / gnutls
Package
- Name
- gnutls
- Purl
- pkg:apk/alpine/gnutls?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.3-r0
Affected versions
2.*
2.6.4-r0
2.6.5-r0
2.6.6-r0
2.8.1-r0
2.8.1-r1
2.8.3-r0
2.8.5-r0
2.8.5-r1
2.8.6-r0
2.8.6-r1
2.8.6-r2
2.8.6-r3
2.10.4-r0
2.10.5-r0
2.10.5-r1
2.10.5-r2
2.12.6.1-r0
2.12.7-r0
2.12.16-r0
3.*
3.0.17-r0
3.0.18-r0
3.0.19-r0
3.0.20-r0
3.0.21-r0
3.0.22-r0
3.1.0-r0
3.1.1-r0
3.1.2-r0
3.1.3-r0
3.1.4-r0
3.1.5-r0
3.1.5-r1
3.1.6-r1
3.1.7-r1
3.1.8-r1
3.1.9-r0
3.1.10-r0
3.1.11-r0
3.2.1-r0
3.2.1-r1
3.2.2-r1
3.2.3-r0
3.2.4-r0
3.2.4-r1
3.2.5-r0
3.2.6-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0
3.2.10-r0
3.2.11-r0
3.2.12-r0
3.2.12.1-r0
3.3.1-r0
3.3.2-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.7-r1
3.3.8-r0
3.3.9-r0
3.3.9-r1
3.3.10-r0
3.3.11-r0
3.3.12-r0
3.3.13-r0
3.3.14-r0
3.4.0-r0
3.4.1-r0
3.4.1-r1
3.4.2-r0
3.4.3-r0
3.4.4.1-r0
3.4.5-r0
3.4.6-r0
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.13-r0
3.4.14-r0
3.4.14-r1
3.4.15-r0
3.4.16-r0
3.4.17-r0
3.5.8-r0
3.5.8-r1
3.5.9-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.15-r0
3.6.0-r0
3.6.1-r0
3.6.2-r0
3.6.4-r0
3.6.5-r0
3.6.6-r0
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.9-r0
3.6.10-r0
3.6.11.1-r0
3.6.11.1-r1
3.6.12-r0
3.6.13-r0
3.6.13-r1
3.6.13-r2
3.6.14-r0
3.6.15-r0
3.6.15-r1
3.7.0-r0
3.7.1-r0
3.7.3-r0
3.7.4-r0
3.7.5-r0
3.7.6-r0
3.7.7-r0
3.7.7-r1
3.7.8-r0
3.7.8-r1
3.7.8-r2
3.8.0-r0
3.8.0-r1
3.8.0-r2
3.8.1-r0
Alpine:v3.19 / gnutls
Package
- Name
- gnutls
- Purl
- pkg:apk/alpine/gnutls?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.3-r0
Affected versions
2.*
2.6.4-r0
2.6.5-r0
2.6.6-r0
2.8.1-r0
2.8.1-r1
2.8.3-r0
2.8.5-r0
2.8.5-r1
2.8.6-r0
2.8.6-r1
2.8.6-r2
2.8.6-r3
2.10.4-r0
2.10.5-r0
2.10.5-r1
2.10.5-r2
2.12.6.1-r0
2.12.7-r0
2.12.16-r0
3.*
3.0.17-r0
3.0.18-r0
3.0.19-r0
3.0.20-r0
3.0.21-r0
3.0.22-r0
3.1.0-r0
3.1.1-r0
3.1.2-r0
3.1.3-r0
3.1.4-r0
3.1.5-r0
3.1.5-r1
3.1.6-r1
3.1.7-r1
3.1.8-r1
3.1.9-r0
3.1.10-r0
3.1.11-r0
3.2.1-r0
3.2.1-r1
3.2.2-r1
3.2.3-r0
3.2.4-r0
3.2.4-r1
3.2.5-r0
3.2.6-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0
3.2.10-r0
3.2.11-r0
3.2.12-r0
3.2.12.1-r0
3.3.1-r0
3.3.2-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.7-r1
3.3.8-r0
3.3.9-r0
3.3.9-r1
3.3.10-r0
3.3.11-r0
3.3.12-r0
3.3.13-r0
3.3.14-r0
3.4.0-r0
3.4.1-r0
3.4.1-r1
3.4.2-r0
3.4.3-r0
3.4.4.1-r0
3.4.5-r0
3.4.6-r0
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.13-r0
3.4.14-r0
3.4.14-r1
3.4.15-r0
3.4.16-r0
3.4.17-r0
3.5.8-r0
3.5.8-r1
3.5.9-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.15-r0
3.6.0-r0
3.6.1-r0
3.6.2-r0
3.6.4-r0
3.6.5-r0
3.6.6-r0
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.9-r0
3.6.10-r0
3.6.11.1-r0
3.6.11.1-r1
3.6.12-r0
3.6.13-r0
3.6.13-r1
3.6.13-r2
3.6.14-r0
3.6.15-r0
3.6.15-r1
3.7.0-r0
3.7.1-r0
3.7.3-r0
3.7.4-r0
3.7.5-r0
3.7.6-r0
3.7.7-r0
3.7.7-r1
3.7.8-r0
3.7.8-r1
3.7.8-r2
3.8.0-r0
3.8.0-r1
3.8.0-r2
3.8.0-r3
3.8.0-r4
3.8.1-r0
Alpine:v3.20 / gnutls
Package
- Name
- gnutls
- Purl
- pkg:apk/alpine/gnutls?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.3-r0
Affected versions
2.*
2.6.4-r0
2.6.5-r0
2.6.6-r0
2.8.1-r0
2.8.1-r1
2.8.3-r0
2.8.5-r0
2.8.5-r1
2.8.6-r0
2.8.6-r1
2.8.6-r2
2.8.6-r3
2.10.4-r0
2.10.5-r0
2.10.5-r1
2.10.5-r2
2.12.6.1-r0
2.12.7-r0
2.12.16-r0
3.*
3.0.17-r0
3.0.18-r0
3.0.19-r0
3.0.20-r0
3.0.21-r0
3.0.22-r0
3.1.0-r0
3.1.1-r0
3.1.2-r0
3.1.3-r0
3.1.4-r0
3.1.5-r0
3.1.5-r1
3.1.6-r1
3.1.7-r1
3.1.8-r1
3.1.9-r0
3.1.10-r0
3.1.11-r0
3.2.1-r0
3.2.1-r1
3.2.2-r1
3.2.3-r0
3.2.4-r0
3.2.4-r1
3.2.5-r0
3.2.6-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0
3.2.10-r0
3.2.11-r0
3.2.12-r0
3.2.12.1-r0
3.3.1-r0
3.3.2-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.7-r1
3.3.8-r0
3.3.9-r0
3.3.9-r1
3.3.10-r0
3.3.11-r0
3.3.12-r0
3.3.13-r0
3.3.14-r0
3.4.0-r0
3.4.1-r0
3.4.1-r1
3.4.2-r0
3.4.3-r0
3.4.4.1-r0
3.4.5-r0
3.4.6-r0
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.13-r0
3.4.14-r0
3.4.14-r1
3.4.15-r0
3.4.16-r0
3.4.17-r0
3.5.8-r0
3.5.8-r1
3.5.9-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.13-r1
3.5.15-r0
3.6.0-r0
3.6.1-r0
3.6.2-r0
3.6.4-r0
3.6.5-r0
3.6.6-r0
3.6.7-r0
3.6.8-r0
3.6.8-r1
3.6.9-r0
3.6.10-r0
3.6.11.1-r0
3.6.11.1-r1
3.6.12-r0
3.6.13-r0
3.6.13-r1
3.6.13-r2
3.6.14-r0
3.6.15-r0
3.6.15-r1
3.7.0-r0
3.7.1-r0
3.7.3-r0
3.7.4-r0
3.7.5-r0
3.7.6-r0
3.7.7-r0
3.7.7-r1
3.7.8-r0
3.7.8-r1
3.7.8-r2
3.8.0-r0
3.8.0-r1
3.8.0-r2
3.8.0-r3
3.8.0-r4
3.8.1-r0
Git / github.com/gnutls/gnutls
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gnutls/gnutls
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
3.*
3.6.12
3.6.13
3.6.14
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.8.0
3.8.1
3.8.2
Other
gnutls-0-0-7
gnutls-0-1-0-srp
gnutls-0_1_2
gnutls-3_0_12
gnutls0-0-4
gnutls0-0-5
gnutls0-0-6
gnutls_0_1_4
gnutls_0_1_9
gnutls_0_2_0
gnutls_0_2_1
gnutls_0_2_10
gnutls_0_2_11
gnutls_0_2_2
gnutls_0_2_3
gnutls_0_2_4
gnutls_0_2_9
gnutls_0_2_90
gnutls_0_2_91
gnutls_0_3_0
gnutls_0_3_1
gnutls_0_3_2
gnutls_0_3_90
gnutls_0_3_91
gnutls_0_3_92
gnutls_0_4_0
gnutls_0_4_1
gnutls_0_4_2
gnutls_0_4_3
gnutls_0_4_with_libtasn1
gnutls_0_5_0
gnutls_0_5_1
gnutls_0_5_10
gnutls_0_5_11
gnutls_0_5_4
gnutls_0_5_5
gnutls_0_5_6
gnutls_0_5_7
gnutls_0_5_8
gnutls_0_5_9
gnutls_0_5_x_before_export_ciphersuites
gnutls_0_5_x_before_int_fixes
gnutls_0_5_x_before_types_change
gnutls_0_5_x_with_export_ciphersuites
gnutls_0_6_0
gnutls_0_8_0
gnutls_0_8_1
gnutls_0_9_1
gnutls_0_9_2
gnutls_0_9_3
gnutls_0_9_4
gnutls_0_9_5
gnutls_0_9_6
gnutls_0_9_7
gnutls_0_9_8
gnutls_0_9_90
gnutls_0_9_91
gnutls_0_9_92
gnutls_0_9_93
gnutls_0_9_94
gnutls_0_9_95
gnutls_0_9_96
gnutls_0_9_97
gnutls_0_9_98
gnutls_0_9_99
gnutls_1_0_0
gnutls_1_0_20
gnutls_1_0_21
gnutls_1_0_22
gnutls_1_0_23
gnutls_1_0_24
gnutls_1_0_25
gnutls_1_1_0
gnutls_1_1_1
gnutls_1_1_10
gnutls_1_1_11
gnutls_1_1_12
gnutls_1_1_13
gnutls_1_1_14
gnutls_1_1_15
gnutls_1_1_16
gnutls_1_1_17
gnutls_1_1_18
gnutls_1_1_19
gnutls_1_1_2
gnutls_1_1_20
gnutls_1_1_21
gnutls_1_1_22
gnutls_1_1_23
gnutls_1_1_3
gnutls_1_1_4
gnutls_1_1_5
gnutls_1_1_6
gnutls_1_1_7
gnutls_1_1_7_pre0
gnutls_1_1_8
gnutls_1_1_9
gnutls_1_2_0
gnutls_1_2_1
gnutls_1_2_10
gnutls_1_2_11
gnutls_1_2_2
gnutls_1_2_3
gnutls_1_2_4
gnutls_1_2_5
gnutls_1_2_6
gnutls_1_2_7
gnutls_1_2_8
gnutls_1_2_9
gnutls_1_3_0
gnutls_1_3_1
gnutls_1_3_2
gnutls_1_3_3
gnutls_1_3_4
gnutls_1_3_5
gnutls_1_4_0
gnutls_1_4_1
gnutls_1_4_2
gnutls_1_5_0
gnutls_1_5_1
gnutls_1_5_2
gnutls_1_5_3
gnutls_1_5_4
gnutls_1_5_5
gnutls_1_6_0
gnutls_1_6_1
gnutls_1_7_0
gnutls_1_7_1
gnutls_1_7_10
gnutls_1_7_11
gnutls_1_7_12
gnutls_1_7_13
gnutls_1_7_14
gnutls_1_7_15
gnutls_1_7_16
gnutls_1_7_17
gnutls_1_7_18
gnutls_1_7_19
gnutls_1_7_2
gnutls_1_7_3
gnutls_1_7_4
gnutls_1_7_5
gnutls_1_7_6
gnutls_1_7_7
gnutls_1_7_8
gnutls_1_7_9
gnutls_2_0_0
gnutls_2_0_1
gnutls_2_11_3
gnutls_2_11_4
gnutls_2_11_5
gnutls_2_11_6
gnutls_2_1_0
gnutls_2_1_1
gnutls_2_1_2
gnutls_2_1_3
gnutls_2_1_4
gnutls_2_1_5
gnutls_2_1_6
gnutls_2_1_7
gnutls_2_1_8
gnutls_2_3_0
gnutls_2_3_1
gnutls_2_3_10
gnutls_2_3_11
gnutls_2_3_12
gnutls_2_3_13
gnutls_2_3_14
gnutls_2_3_15
gnutls_2_3_2
gnutls_2_3_3
gnutls_2_3_4
gnutls_2_3_4_netconf_0
gnutls_2_3_4_netconf_1
gnutls_2_3_4_netconf_2
gnutls_2_3_5
gnutls_2_3_6
gnutls_2_3_7
gnutls_2_3_8
gnutls_2_3_9
gnutls_2_4_0
gnutls_2_5_0
gnutls_2_5_1
gnutls_2_5_2
gnutls_2_5_3
gnutls_2_5_4
gnutls_2_5_5
gnutls_2_5_6
gnutls_2_5_7
gnutls_2_5_8
gnutls_2_5_9
gnutls_2_7_0
gnutls_2_7_1
gnutls_2_7_10
gnutls_2_7_11
gnutls_2_7_12
gnutls_2_7_13
gnutls_2_7_14
gnutls_2_7_2
gnutls_2_7_3
gnutls_2_7_4
gnutls_2_7_5
gnutls_2_7_6
gnutls_2_7_7
gnutls_2_7_8
gnutls_2_7_9
gnutls_2_8_0
gnutls_2_99_0
gnutls_2_99_1
gnutls_2_99_2
gnutls_2_99_3
gnutls_2_99_4
gnutls_2_9_0
gnutls_2_9_1
gnutls_2_9_10
gnutls_2_9_2
gnutls_2_9_3
gnutls_2_9_4
gnutls_2_9_5
gnutls_2_9_6
gnutls_2_9_7
gnutls_2_9_8
gnutls_2_9_9
gnutls_3_0_0
gnutls_3_0_10
gnutls_3_0_11
gnutls_3_0_13
gnutls_3_0_14
gnutls_3_0_15
gnutls_3_0_16
gnutls_3_0_17
gnutls_3_0_18
gnutls_3_0_2
gnutls_3_0_21
gnutls_3_0_3
gnutls_3_0_4
gnutls_3_0_5
gnutls_3_0_6
gnutls_3_0_7
gnutls_3_0_8
gnutls_3_0_9
gnutls_3_1_0
gnutls_3_1_0pre0
gnutls_3_1_2
gnutls_3_1_3
gnutls_3_1_4
gnutls_3_1_5
gnutls_3_1_6
gnutls_3_1_7
gnutls_3_1_8
gnutls_3_1_9
gnutls_3_2_0
gnutls_3_2_2
gnutls_3_2_3
gnutls_3_2_3pre0
gnutls_3_2_4
gnutls_3_2_5
gnutls_3_2_6
gnutls_3_3_0
gnutls_3_3_1
gnutls_3_3_2
gnutls_3_3_3
gnutls_3_3_4
gnutls_3_3_5
gnutls_3_3_6
gnutls_3_4_0
gnutls_3_4_1
gnutls_3_4_2
gnutls_3_4_3
gnutls_3_5_0
gnutls_3_5_1
gnutls_3_5_2
gnutls_3_5_3
gnutls_3_5_4
gnutls_3_5_5
gnutls_3_5_7
gnutls_3_6_0
gnutls_3_6_0_1
gnutls_3_6_1
gnutls_3_6_10
gnutls_3_6_11
gnutls_3_6_11_1
gnutls_3_6_12
gnutls_3_6_2
gnutls_3_6_3
gnutls_3_6_4
gnutls_3_6_5
gnutls_3_6_6
gnutls_3_6_7
gnutls_3_6_9