CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/0xxx/CVE-2024-0553.json",
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-203"
    ]
}

References

Affected packages

Git / github.com/gnutls/gnutls

Affected ranges

Type

GIT

Repo

https://github.com/gnutls/gnutls

Events

Introduced

Fixed

2f04c14daa086889b4e85f7056c39d23766ddaa1

Database specific

{
    "cpe": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.3"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

3.*

3.6.12

3.6.13

3.6.14

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.7

3.7.8

3.8.0

3.8.1

3.8.2

Other

gnutls-0-0-7

gnutls-0-1-0-srp

gnutls-0_1_2

gnutls-3_0_12

gnutls0-0-4

gnutls0-0-5

gnutls0-0-6

gnutls_0_1_4

gnutls_0_1_9

gnutls_0_2_0

gnutls_0_2_1

gnutls_0_2_10

gnutls_0_2_11

gnutls_0_2_2

gnutls_0_2_3

gnutls_0_2_4

gnutls_0_2_9

gnutls_0_2_90

gnutls_0_2_91

gnutls_0_3_0

gnutls_0_3_1

gnutls_0_3_2

gnutls_0_3_90

gnutls_0_3_91

gnutls_0_3_92

gnutls_0_4_0

gnutls_0_4_1

gnutls_0_4_2

gnutls_0_4_3

gnutls_0_4_with_libtasn1

gnutls_0_5_0

gnutls_0_5_1

gnutls_0_5_10

gnutls_0_5_11

gnutls_0_5_4

gnutls_0_5_5

gnutls_0_5_6

gnutls_0_5_7

gnutls_0_5_8

gnutls_0_5_9

gnutls_0_5_x_before_export_ciphersuites

gnutls_0_5_x_before_int_fixes

gnutls_0_5_x_before_types_change

gnutls_0_5_x_with_export_ciphersuites

gnutls_0_6_0

gnutls_0_8_0

gnutls_0_8_1

gnutls_0_9_1

gnutls_0_9_2

gnutls_0_9_3

gnutls_0_9_4

gnutls_0_9_5

gnutls_0_9_6

gnutls_0_9_7

gnutls_0_9_8

gnutls_0_9_90

gnutls_0_9_91

gnutls_0_9_92

gnutls_0_9_93

gnutls_0_9_94

gnutls_0_9_95

gnutls_0_9_96

gnutls_0_9_97

gnutls_0_9_98

gnutls_0_9_99

gnutls_1_0_0

gnutls_1_0_20

gnutls_1_0_21

gnutls_1_0_22

gnutls_1_0_23

gnutls_1_0_24

gnutls_1_0_25

gnutls_1_1_0

gnutls_1_1_1

gnutls_1_1_10

gnutls_1_1_11

gnutls_1_1_12

gnutls_1_1_13

gnutls_1_1_14

gnutls_1_1_15

gnutls_1_1_16

gnutls_1_1_17

gnutls_1_1_18

gnutls_1_1_19

gnutls_1_1_2

gnutls_1_1_20

gnutls_1_1_21

gnutls_1_1_22

gnutls_1_1_23

gnutls_1_1_3

gnutls_1_1_4

gnutls_1_1_5

gnutls_1_1_6

gnutls_1_1_7

gnutls_1_1_7_pre0

gnutls_1_1_8

gnutls_1_1_9

gnutls_1_2_0

gnutls_1_2_1

gnutls_1_2_10

gnutls_1_2_11

gnutls_1_2_2

gnutls_1_2_3

gnutls_1_2_4

gnutls_1_2_5

gnutls_1_2_6

gnutls_1_2_7

gnutls_1_2_8

gnutls_1_2_9

gnutls_1_3_0

gnutls_1_3_1

gnutls_1_3_2

gnutls_1_3_3

gnutls_1_3_4

gnutls_1_3_5

gnutls_1_4_0

gnutls_1_4_1

gnutls_1_4_2

gnutls_1_5_0

gnutls_1_5_1

gnutls_1_5_2

gnutls_1_5_3

gnutls_1_5_4

gnutls_1_5_5

gnutls_1_6_0

gnutls_1_6_1

gnutls_1_7_0

gnutls_1_7_1

gnutls_1_7_10

gnutls_1_7_11

gnutls_1_7_12

gnutls_1_7_13

gnutls_1_7_14

gnutls_1_7_15

gnutls_1_7_16

gnutls_1_7_17

gnutls_1_7_18

gnutls_1_7_19

gnutls_1_7_2

gnutls_1_7_3

gnutls_1_7_4

gnutls_1_7_5

gnutls_1_7_6

gnutls_1_7_7

gnutls_1_7_8

gnutls_1_7_9

gnutls_2_0_0

gnutls_2_0_1

gnutls_2_11_3

gnutls_2_11_4

gnutls_2_11_5

gnutls_2_11_6

gnutls_2_1_0

gnutls_2_1_1

gnutls_2_1_2

gnutls_2_1_3

gnutls_2_1_4

gnutls_2_1_5

gnutls_2_1_6

gnutls_2_1_7

gnutls_2_1_8

gnutls_2_3_0

gnutls_2_3_1

gnutls_2_3_10

gnutls_2_3_11

gnutls_2_3_12

gnutls_2_3_13

gnutls_2_3_14

gnutls_2_3_15

gnutls_2_3_3

gnutls_2_3_5

gnutls_2_3_6

gnutls_2_3_7

gnutls_2_3_8

gnutls_2_3_9

gnutls_2_4_0

gnutls_2_5_0

gnutls_2_5_1

gnutls_2_5_2

gnutls_2_5_3

gnutls_2_5_4

gnutls_2_5_6

gnutls_2_5_7

gnutls_2_5_8

gnutls_2_7_0

gnutls_2_7_1

gnutls_2_7_10

gnutls_2_7_11

gnutls_2_7_12

gnutls_2_7_3

gnutls_2_7_4

gnutls_2_7_5

gnutls_2_7_6

gnutls_2_7_7

gnutls_2_7_8

gnutls_2_7_9

gnutls_2_99_0

gnutls_2_99_1

gnutls_2_99_2

gnutls_2_99_3

gnutls_2_99_4

gnutls_2_9_10

gnutls_2_9_2

gnutls_2_9_3

gnutls_2_9_4

gnutls_2_9_5

gnutls_2_9_6

gnutls_2_9_7

gnutls_2_9_8

gnutls_2_9_9

gnutls_3_0_0

gnutls_3_0_10

gnutls_3_0_11

gnutls_3_0_13

gnutls_3_0_14

gnutls_3_0_15

gnutls_3_0_16

gnutls_3_0_17

gnutls_3_0_18

gnutls_3_0_2

gnutls_3_0_21

gnutls_3_0_3

gnutls_3_0_4

gnutls_3_0_5

gnutls_3_0_6

gnutls_3_0_7

gnutls_3_0_8

gnutls_3_0_9

gnutls_3_1_0

gnutls_3_1_0pre0

gnutls_3_1_2

gnutls_3_1_3

gnutls_3_1_4

gnutls_3_1_5

gnutls_3_1_6

gnutls_3_1_7

gnutls_3_1_8

gnutls_3_1_9

gnutls_3_2_0

gnutls_3_2_2

gnutls_3_2_3

gnutls_3_2_3pre0

gnutls_3_2_4

gnutls_3_2_5

gnutls_3_2_6

gnutls_3_3_0

gnutls_3_3_1

gnutls_3_3_2

gnutls_3_3_3

gnutls_3_3_4

gnutls_3_3_5

gnutls_3_3_6

gnutls_3_4_0

gnutls_3_4_1

gnutls_3_4_2

gnutls_3_4_3

gnutls_3_5_0

gnutls_3_5_1

gnutls_3_5_2

gnutls_3_5_3

gnutls_3_5_4

gnutls_3_5_5

gnutls_3_5_7

gnutls_3_6_0

gnutls_3_6_0_1

gnutls_3_6_1

gnutls_3_6_10

gnutls_3_6_11

gnutls_3_6_11_1

gnutls_3_6_12

gnutls_3_6_2

gnutls_3_6_3

gnutls_3_6_4

gnutls_3_6_5

gnutls_3_6_6

gnutls_3_6_7

gnutls_3_6_9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0553.json"

Git / gitlab.com/gnutls/gnutls

Affected ranges

Type

GIT

Repo

https://gitlab.com/gnutls/gnutls

Events

Introduced

df405c5e64874529b7b9dc1177165f03971dc196

Fixed

2f04c14daa086889b4e85f7056c39d23766ddaa1

Database specific

{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.3"
        }
    ]
}

Affected versions

3.*

3.8.0

3.8.1

3.8.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0553.json"