Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-10844

Опубликовано: 22 авг. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.9

Описание

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

needed

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

released

3.5.18-1ubuntu1.1
cosmic

not-affected

3.6.4-2ubuntu1
devel

not-affected

3.6.5-2ubuntu1
disco

not-affected

3.6.5-2ubuntu1
eoan

not-affected

3.6.5-2ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
esm-infra/bionic

released

3.5.18-1ubuntu1.1
esm-infra/focal

not-affected

3.6.5-2ubuntu1
esm-infra/xenial

released

3.4.10-4ubuntu1.5
fips-preview/jammy

not-affected

3.6.5-2ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 42%
0.00194
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-10844

CVSS3: 5.9
redhat
около 7 лет назад

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

nvd логотип

CVE-2018-10844

CVSS3: 5.9
nvd
около 7 лет назад

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

debian логотип

CVE-2018-10844

CVSS3: 5.9
debian
около 7 лет назад

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulner ...

github логотип

GHSA-9779-jfg9-frm3

CVSS3: 5.9
github
больше 3 лет назад

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

fstec логотип

BDU:2020-01598

CVSS3: 5.9
fstec
больше 7 лет назад

Уязвимость реализации механизма HMAC-SHA-256 криптографической библиотеки GnuTLS, позволяющая нарушителю осуществить атаку типа «Lucky 13» и атаку с восстановлением открытого текста

EPSS

Процентиль: 42%
0.00194
Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3