AZL-37109

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37109.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-37109

Upstream

CVE-2024-28834

Published

2024-03-21T14:15:07Z

Modified

2026-04-01T05:12:26.999642Z

Summary

CVE-2024-28834 affecting package gnutls for versions less than 3.8.3-2

Details

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-28834

Affected packages

Azure Linux:3 / gnutls

Package

Name: gnutls
Purl: pkg:rpm/azure-linux/gnutls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.3-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37109.json"