CVE - CVE-2024-0553

CVE-ID
CVE-2024-0553	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:RHBZ#2258412 URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258412 MISC:RHSA-2024:0533 URL:https://access.redhat.com/errata/RHSA-2024:0533 MISC:RHSA-2024:0627 URL:https://access.redhat.com/errata/RHSA-2024:0627 MISC:RHSA-2024:0796 URL:https://access.redhat.com/errata/RHSA-2024:0796 MISC:RHSA-2024:1082 URL:https://access.redhat.com/errata/RHSA-2024:1082 MISC:RHSA-2024:1108 URL:https://access.redhat.com/errata/RHSA-2024:1108 MISC:http://www.openwall.com/lists/oss-security/2024/01/19/3 URL:http://www.openwall.com/lists/oss-security/2024/01/19/3 MISC:https://access.redhat.com/security/cve/CVE-2024-0553 URL:https://access.redhat.com/security/cve/CVE-2024-0553 MISC:https://gitlab.com/gnutls/gnutls/-/issues/1522 URL:https://gitlab.com/gnutls/gnutls/-/issues/1522 MISC:https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html URL:https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/ MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/ MISC:https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html URL:https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html MISC:https://security.netapp.com/advisory/ntap-20240202-0011/ URL:https://security.netapp.com/advisory/ntap-20240202-0011/
Assigning CNA
Red Hat, Inc.
Date Record Created
20240115	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240115)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Site Map | Terms of Use | Privacy Policy | Contact Us | Follow CVE

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.