
exploitDog


CVE-2018-10846

Published: 22 Aug 2018
Source: debian
EPSS: Low

Description

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

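Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| gnutls28 | fixed | 3.6.3-1 | experimental | package |
| gnutls28 | fixed | 3.5.19-1 | | package |
| gnutls28 | fixed | 3.5.8-5+deb9u4 | stretch | package |
| gnutls26 | removed | | | package |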

Notes

  • https://gitlab.com/gnutls/gnutls/merge_requests/657

  • https://gitlab.com/gnutls/gnutls/commit/ce671a6db9e47006cff152d485091141b1569f39 (master)

  • The proposed fix is to introduce a new option to force encrypt-then-mac instead of correcting the issue.

  • https://eprint.iacr.org/2018/747

  • Backport of the MR657 to 3.5.x: https://gitlab.com/gnutls/gnutls/merge_requests/663

EPSS

Percentile: 2%
0.00014
Low

Related vulnerabilities

CVSS3: 5.6
ubuntu
about 7 years ago

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

CVSS3: 5.3
redhat
about 7 years ago

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

CVSS3: 5.6
nvd
about 7 years ago

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

CVSS3: 5.6
github
more than 3 years ago

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

suse-cvrf
more than 6 years ago

Security update for gnutls
