Unrated severityNVD Advisory· Published Aug 22, 2018· Updated Aug 5, 2024

CVE-2018-10844

Description

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

Affected products

osv-coords14 versions
pkg:rpm/suse/gnutls&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/gnutls&distro=SUSE%20OpenStack%20Cloud%207
< 3.2.15-18.6.1+ 13 more
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.6.2-6.3.1
- (no CPE)range: < 3.6.2-6.3.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.2.15-18.6.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.3.27-3.3.1
- (no CPE)range: < 3.2.15-18.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2018:3050mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:3505mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/mitrevendor-advisoryx_refsource_FEDORA
usn.ubuntu.com/3999-1/mitrevendor-advisoryx_refsource_UBUNTU
www.securityfocus.com/bid/105138mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
eprint.iacr.org/2018/747mitrex_refsource_MISC
gitlab.com/gnutls/gnutls/merge_requests/657mitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2018/10/msg00022.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000