exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2024-28834

Status Candidate

Overview

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Related Files

GNU Transport Layer Security Library 3.8.6
Posted Jul 3, 2024
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: RSA-OAEP encryption scheme is now supported. Fixed side-channel in the deterministic ECDSA. Fixed a bug where certtool crashed when verifying a certificate chain with more than 16 certificates. Compression libraries are now loaded dynamically as needed instead of all being loaded during gnutls library initialization. The gnutls library can now be linked with the static library of GMP.
tags | protocol, library
advisories | CVE-2024-28834, CVE-2024-28835
SHA-256 | 2e1588aae53cb32d43937f1f4eca28febd9c0c7aa1734fc5dd61a7e81e0ebcdd
Red Hat Security Advisory 2024-2889-03
Posted May 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2889-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | f2c2e37fa3d2c87ac74cef3a0011830b8dd61e027b9f9dd6ad3e0a4b4b07e51e
Red Hat Security Advisory 2024-2570-03
Posted May 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2570-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 4f5fdebfac04b238283506657521db5cd5b334df6d2fccbe0862ec809af45c7e
Ubuntu Security Notice USN-6733-2
Posted Apr 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6733-2 - USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-28834, CVE-2024-28835
SHA-256 | ddfa9b53cf55c5c796be4d398f38aed182745e8f5742e95f3b46d0343f9fcb73
Red Hat Security Advisory 2024-2044-03
Posted Apr 25, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2044-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 10771e9b977cbe58a4f41f789a99bbe77865dca52083d9c0193a11cc6001cf16
Red Hat Security Advisory 2024-1997-03
Posted Apr 24, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1997-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 50e84b2e154c121cee01b875691addf55560bb0e96846ffd4a182db991c49252
Red Hat Security Advisory 2024-1879-03
Posted Apr 18, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1879-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 6d8e6f9e5dfba8b13a681f3c306557227f9eeac671925f3dcc514d4eb10f5e2e
Ubuntu Security Notice USN-6733-1
Posted Apr 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2024-28834, CVE-2024-28835
SHA-256 | dfebcedb7a860d4a621a8d974617128c42cd5bb110089a91567169351a2f584d
Red Hat Security Advisory 2024-1784-03
Posted Apr 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1784-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-28834
SHA-256 | 3704f7681fcb98c2ef4644550c22ee9b60ac0ce4e8cb4b7e49563fcce13701fd
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close