← Zuruck zu CVEs
CVE-2018-10845
MEDIUM5.9
Beschreibung
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
CVE Details
CVSS v3.1 Bewertung5.9
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/22/2018
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedoragnu:gnutlsredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_workstation
Schwachen (CWE)
CWE-385CWE-327
Referenzen
http://www.securityfocus.com/bid/105138(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3050(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:3505(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845(secalert@redhat.com)
https://eprint.iacr.org/2018/747(secalert@redhat.com)
https://gitlab.com/gnutls/gnutls/merge_requests/657(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/(secalert@redhat.com)
https://usn.ubuntu.com/3999-1/(secalert@redhat.com)
http://www.securityfocus.com/bid/105138(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3050(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:3505(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845(af854a3a-2127-422b-91ae-364da2661108)
https://eprint.iacr.org/2018/747(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gnutls/gnutls/merge_requests/657(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3999-1/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.