CVE-2018-10845
Description
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.093
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| GNU TLS library (USN-3999-1) libgnutls30_3.6.4-2ubuntu1.2_i386.deb | Linux |
| GNU TLS library (USN-3999-1) libgnutls30_3.6.4-2ubuntu1.2_amd64.deb | Linux |
| GNU TLS library (USN-3999-1) libgnutls30_3.6.5-2ubuntu1.1_i386.deb | Linux |
| GNU TLS library (USN-3999-1) libgnutls30_3.6.5-2ubuntu1.1_amd64.deb | Linux |
| GNU TLS library (USN-3999-1) libgnutls30_3.4.10-4ubuntu1.5_i386.deb | Linux |
| GNU TLS library (USN-3999-1) libgnutls30_3.4.10-4ubuntu1.5_amd64.deb | Linux |
| GNU TLS library (USN-3999-1) libgnutls30_3.5.18-1ubuntu1.1_i386.deb | Linux |
| GNU TLS library (USN-3999-1) libgnutls30_3.5.18-1ubuntu1.1_amd64.deb | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Desktop 12-SP3 ) gnutls-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Desktop 12-SP3 ) gnutls-debuginfo-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Desktop 12-SP3 ) gnutls-debugsource-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Server 12-SP3 ) libgnutls-openssl27-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Server 12-SP3 ) libgnutls-openssl27-debuginfo-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgnutls28-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgnutls28-32bit-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgnutls28-debuginfo-3.3.27-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:2842-1(SUSE Linux Enterprise Desktop 12-SP3 ) libgnutls28-debuginfo-32bit-3.3.27-3.3.1.x86_64.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-3.3.29-8.el7.i686.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-3.3.29-8.el7.x86_64.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-c++-3.3.29-8.el7.i686.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-c++-3.3.29-8.el7.x86_64.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-dane-3.3.29-8.el7.i686.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-dane-3.3.29-8.el7.x86_64.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-devel-3.3.29-8.el7.i686.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-devel-3.3.29-8.el7.x86_64.rpm | Linux |
| (RHSA-2018:3050) gnutls security, bug fix, and enhancement update gnutls-utils-3.3.29-8.el7.x86_64.rpm | Linux |
| Gnutls update (ELSA-2018-3050) gnutls-3.3.29-8.0.1.el7.x86_64.rpm | Linux |
| Gnutls-c++ update (ELSA-2018-3050) gnutls-c++-3.3.29-8.0.1.el7.x86_64.rpm | Linux |
| Gnutls-dane update (ELSA-2018-3050) gnutls-dane-3.3.29-8.0.1.el7.x86_64.rpm | Linux |
| Gnutls-devel update (ELSA-2018-3050) gnutls-devel-3.3.29-8.0.1.el7.x86_64.rpm | Linux |
| Gnutls-utils update (ELSA-2018-3050) gnutls-utils-3.3.29-8.0.1.el7.x86_64.rpm | Linux |
| Gnutls update (ELSA-2018-3050) gnutls-3.3.29-8.0.1.el7.i686.rpm | Linux |
| Gnutls-c++ update (ELSA-2018-3050) gnutls-c++-3.3.29-8.0.1.el7.i686.rpm | Linux |
| Gnutls-dane update (ELSA-2018-3050) gnutls-dane-3.3.29-8.0.1.el7.i686.rpm | Linux |
| Gnutls-devel update (ELSA-2018-3050) gnutls-devel-3.3.29-8.0.1.el7.i686.rpm | Linux |
| (RHSA-2018:3050)Moderate: security, bug fix, and enhancement update gnutls-debuginfo-3.3.29-8.el7.i686.rpm | Linux |
| (RHSA-2018:3050)Moderate: security, bug fix, and enhancement update gnutls-debuginfo-3.3.29-8.el7.x86_64.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-3.3.29-8.amzn2.i686.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-3.3.29-8.amzn2.x86_64.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-c++-3.3.29-8.amzn2.i686.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-c++-3.3.29-8.amzn2.x86_64.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-dane-3.3.29-8.amzn2.i686.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-dane-3.3.29-8.amzn2.x86_64.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-devel-3.3.29-8.amzn2.i686.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-devel-3.3.29-8.amzn2.x86_64.rpm | Linux |
| gnutls Security Update (ALAS-2018-1120) gnutls-utils-3.3.29-8.amzn2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234