CVE-2024-28834
Gnutls: vulnerable to minerva side-channel information leak
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
gnutlsRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2024:1784https://access.redhat.com/errata/RHSA-2024:1879https://access.redhat.com/errata/RHSA-2024:1997https://access.redhat.com/errata/RHSA-2024:2044https://access.redhat.com/errata/RHSA-2024:2570https://access.redhat.com/errata/RHSA-2024:2889https://access.redhat.com/security/cve/CVE-2024-28834https://bugzilla.redhat.com/show_bug.cgi?id=2269228https://lists.debian.org/debian-lts-announce/2024/09/msg00019.htmlhttps://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.htmlhttps://minerva.crocs.fi.muni.cz/https://people.redhat.com/~hkario/marvin/