Описание
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Отчет
The Minerva attack vulnerability in GnuTLS, as identified through deterministic code behavior, poses a moderate severity risk due to its potential exploitation in cryptographic systems. This vulnerability enables adversaries to infer information about the cryptographic operations by observing subtle variations in nonce sizes, leading to a side-channel attack. The deterministic nature of the code allows attackers to discern patterns in the nonce generation process, thereby compromising the confidentiality and integrity of cryptographic communications. While the impact of this vulnerability may not be immediate or widespread, its exploitation could facilitate targeted attacks against systems relying on GnuTLS for secure communication.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gnutls | Affected | ||
| Red Hat Enterprise Linux 6 | gnutls | Out of support scope | ||
| Red Hat Enterprise Linux 7 | gnutls | Out of support scope | ||
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2024:1784 | 11.04.2024 |
| Red Hat Enterprise Linux 8 | gnutls | Fixed | RHSA-2024:1784 | 11.04.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | gnutls | Fixed | RHSA-2024:2044 | 25.04.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | gnutls | Fixed | RHSA-2024:1997 | 23.04.2024 |
| Red Hat Enterprise Linux 9 | gnutls | Fixed | RHSA-2024:1879 | 18.04.2024 |
| Red Hat Enterprise Linux 9 | gnutls | Fixed | RHSA-2024:2570 | 30.04.2024 |
| Red Hat Enterprise Linux 9 | gnutls | Fixed | RHSA-2024:1879 | 18.04.2024 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln ...
5.3 Medium
CVSS3