← Volver a CVEs
CVE-2018-10845
MEDIUM5.9
Descripcion
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
Detalles CVE
Puntuacion CVSS v3.15.9
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/22/2018
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedoragnu:gnutlsredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_workstation
Debilidades (CWE)
CWE-385CWE-327
Referencias
http://www.securityfocus.com/bid/105138(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3050(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3505(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845(secalert@redhat.com)
https://eprint.iacr.org/2018/747(secalert@redhat.com)
https://gitlab.com/gnutls/gnutls/merge_requests/657(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/(secalert@redhat.com)
https://usn.ubuntu.com/3999-1/(secalert@redhat.com)
http://www.securityfocus.com/bid/105138(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3050(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3505(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845(af854a3a-2127-422b-91ae-364da2661108)
https://eprint.iacr.org/2018/747(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gnutls/gnutls/merge_requests/657(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3999-1/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.