CVE-2024-0553

Name: CVE-2024-0553
Description: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
NVD Severity: unknown

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2024-0553
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2258412
secalert@redhat.com https://gitlab.com/gnutls/gnutls/-/issues/1522
secalert@redhat.com https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
secalert@redhat.com http://www.openwall.com/lists/oss-security/2024/01/19/3
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0533
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0627
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240202-0011/
secalert@redhat.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0796
secalert@redhat.com https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html
vendor-advisory https://access.redhat.com/errata/RHSA-2024:1082
vendor-advisory https://access.redhat.com/errata/RHSA-2024:1108
vendor-advisory https://access.redhat.com/errata/RHSA-2024:1383
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2094

Match rules

CPE URI Source package Min version Max version
shopxo >= 3.8.0 < 3.8.3
cpe:/o:redhat:enterprise_linux:8::baseos shopxo >= 0:3.6.16-8.el8_9.1 < *
cpe:/a:redhat:rhel_eus:8.6::appstream shopxo >= 0:3.6.16-5.el8_6.3 < *
cpe:/o:redhat:rhel_eus:8.8::baseos shopxo >= 0:3.6.16-7.el8_8.2 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:3.7.6-23.el9_3.3 < *
cpe:/o:redhat:rhel_eus:9.2::baseos shopxo >= 0:3.7.6-21.el9_2.2 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-37 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-68 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-158 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-39 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-58 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-13 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-81 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-79 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-22 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-57 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-6 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-15 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-54 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-10 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-26 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-19 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-21 < *
cpe:/a:redhat:openshift_data_foundation:4.15::el9 shopxo >= v4.15.0-103 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-22 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-11 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v6.8.1-407 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-19 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v1.0.0-479 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-7 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v0.4.0-247 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-5 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v1.1.0-227 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.1-470 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v2.9.6-14 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-2 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-24 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v5.8.6-10 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v0.1.0-525 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v0.1.0-224 < *
cpe:/a:redhat:logging:5.8::el9 shopxo >= v0.28.1-56 < *
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* gnutls >= None < 3.8.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gnutls edge-main 3.8.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls edge-main 3.8.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.7.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.7.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
gnutls edge-main 3.6.15-r0 None possibly vulnerable
gnutls edge-main 3.6.14-r0 None possibly vulnerable
gnutls edge-main 3.6.13-r0 None possibly vulnerable
gnutls edge-main 3.6.7-r0 None possibly vulnerable
gnutls edge-main 3.5.13-r0 None possibly vulnerable
gnutls 3.22-main 3.8.3-r0 None fixed
gnutls 3.22-main 3.8.0-r0 None possibly vulnerable
gnutls 3.22-main 3.7.7-r0 None possibly vulnerable
gnutls 3.22-main 3.7.1-r0 None possibly vulnerable
gnutls 3.22-main 3.6.15-r0 None possibly vulnerable
gnutls 3.22-main 3.6.14-r0 None possibly vulnerable
gnutls 3.22-main 3.6.13-r0 None possibly vulnerable
gnutls 3.22-main 3.6.7-r0 None possibly vulnerable
gnutls 3.22-main 3.5.13-r0 None possibly vulnerable
gnutls 3.21-main 3.8.3-r0 None fixed
gnutls 3.21-main 3.8.0-r0 None possibly vulnerable
gnutls 3.21-main 3.7.7-r0 None possibly vulnerable
gnutls 3.21-main 3.7.1-r0 None possibly vulnerable
gnutls 3.21-main 3.6.15-r0 None possibly vulnerable
gnutls 3.21-main 3.6.14-r0 None possibly vulnerable
gnutls 3.21-main 3.6.13-r0 None possibly vulnerable
gnutls 3.21-main 3.6.7-r0 None possibly vulnerable
gnutls 3.21-main 3.5.13-r0 None possibly vulnerable
gnutls 3.20-main 3.8.3-r0 None fixed
gnutls 3.20-main 3.8.0-r0 None possibly vulnerable
gnutls 3.20-main 3.7.7-r0 None possibly vulnerable
gnutls 3.20-main 3.7.1-r0 None possibly vulnerable
gnutls 3.20-main 3.6.15-r0 None possibly vulnerable
gnutls 3.20-main 3.6.14-r0 None possibly vulnerable
gnutls 3.20-main 3.6.13-r0 None possibly vulnerable
gnutls 3.20-main 3.6.7-r0 None possibly vulnerable
gnutls 3.20-main 3.5.13-r0 None possibly vulnerable
gnutls 3.19-main 3.8.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.19-main 3.8.0-r0 None possibly vulnerable
gnutls 3.19-main 3.7.7-r0 None possibly vulnerable
gnutls 3.19-main 3.7.1-r0 None possibly vulnerable
gnutls 3.19-main 3.6.15-r0 None possibly vulnerable
gnutls 3.19-main 3.6.14-r0 None possibly vulnerable
gnutls 3.19-main 3.6.13-r0 None possibly vulnerable
gnutls 3.19-main 3.6.7-r0 None possibly vulnerable
gnutls 3.19-main 3.5.13-r0 None possibly vulnerable
gnutls 3.18-main 3.8.3-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
gnutls 3.17-main 3.7.8-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable